diff --git a/docker-compose.yml b/docker-compose.yml
index b16ca66..de9eae0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -24,7 +24,7 @@ services:
       - "traefik.http.services.${APP_NAME}.loadbalancer.server.port=3000"
 
       # Router 1: Public PWA resources (no auth) - Higher priority
-      - "traefik.http.routers.${APP_NAME}-public.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/manifest.webmanifest`) || PathPrefix(`/sw.js`) || PathPrefix(`/workbox-`) || PathPrefix(`/icon-`) || PathPrefix(`/apple-touch-icon`) || PathPrefix(`/favicon.ico`) || PathPrefix(`/robots.txt`))"
+      - "traefik.http.routers.${APP_NAME}-public.rule=Host(`${APP_DOMAIN}`) && (PathPrefix(`/manifest.webmanifest`) || PathPrefix(`/sw.js`) || PathPrefix(`/workbox-`) || PathPrefix(`/icon-`) || PathPrefix(`/apple-touch-icon`) || PathPrefix(`/favicon.ico`) || PathPrefix(`/robots.txt`) || PathPrefix(`/api/_nuxt_icon/`))"
       - "traefik.http.routers.${APP_NAME}-public.entrypoints=websecure"
       - "traefik.http.routers.${APP_NAME}-public.tls.certresolver=letsencrypt"
       - "traefik.http.routers.${APP_NAME}-public.priority=100"
diff --git a/nuxt4/app/composables/useAuthentik.ts b/nuxt4/app/composables/useAuthentik.ts
index 51d13cb..611600c 100644
--- a/nuxt4/app/composables/useAuthentik.ts
+++ b/nuxt4/app/composables/useAuthentik.ts
@@ -86,14 +86,32 @@ export const useAuthentik = () => {
         })
       }
     } catch (error) {
-      // Error al consultar
-      toast.add({
-        title: 'Error',
-        description: 'No se pudo verificar el estado de la sesión',
-        color: 'error',
-        icon: 'i-heroicons-x-circle',
-        timeout: 5000
-      })
+      // Si el error es por redirect de Authentik (CORS/fetch error), significa que no hay sesión
+      // Authentik redirige a login cuando no hay sesión válida, causando error CORS en fetch
+      const errorMessage = error?.message || error?.toString() || ''
+      const isCorsOrRedirectError = errorMessage.includes('Failed to fetch') ||
+                                     errorMessage.includes('CORS') ||
+                                     error?.statusCode === 302
+
+      if (isCorsOrRedirectError) {
+        // Interpretar como sesión expirada/inválida
+        toast.add({
+          title: 'Sin Sesión',
+          description: 'No hay sesión activa en Authentik',
+          color: 'warning',
+          icon: 'i-heroicons-exclamation-triangle',
+          timeout: 5000
+        })
+      } else {
+        // Error real de red o servidor
+        toast.add({
+          title: 'Error',
+          description: 'No se pudo verificar el estado de la sesión',
+          color: 'error',
+          icon: 'i-heroicons-x-circle',
+          timeout: 5000
+        })
+      }
       console.error('Error checking session status:', error)
     }
   }