diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9cffcc91..f5d63cd6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@
 - [#3382](https://github.com/oauth2-proxy/oauth2-proxy/pull/3382) chore(deps): update gomod and golangci/golangci-lint to v2.11.4 (@tuunit)
 - [#3374](https://github.com/oauth2-proxy/oauth2-proxy/pull/3374) fix: handle Unix socket RemoteAddr in IP resolution (@H1net)
 - [#3381](https://github.com/oauth2-proxy/oauth2-proxy/pull/3381) fix: do not log error for backend logout 204 (@artificiosus)
+- [#3327](https://github.com/oauth2-proxy/oauth2-proxy/pull/3327) fix: improve logging when session refresh token is missing (@yosri-brh)
 ## Release Highlights
diff --git a/pkg/apis/sessions/session_state.go b/pkg/apis/sessions/session_state.go
index fef20aab..6c55e2c8 100644
--- a/pkg/apis/sessions/session_state.go
+++ b/pkg/apis/sessions/session_state.go
@@ -127,6 +127,8 @@ func (s *SessionState) String() string {
 }
 if s.RefreshToken != "" {
 o += " refresh_token:true"
+ } else {
+ o += " refresh_token:false"
 }
 if len(s.Groups) > 0 {
 o += fmt.Sprintf(" groups:%v", s.Groups)
diff --git a/pkg/apis/sessions/session_state_test.go b/pkg/apis/sessions/session_state_test.go
index 1dc6d3ad..ec131393 100644
--- a/pkg/apis/sessions/session_state_test.go
+++ b/pkg/apis/sessions/session_state_test.go
@@ -4,6 +4,7 @@ import (
 "crypto/rand"
 "fmt"
 "io"
+ "strings"
 "testing"
 "time"
@@ -57,7 +58,7 @@ func TestString(t *testing.T) {
 User: "some.user",
 PreferredUsername: "preferred.user",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user refresh_token:false}",
 },
 {
 name: "Full Session",
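Review bot: The new `else` branch in `String()` makes `refresh_token` the only token field printed in both states; the updated test expectations show `token:` and `id_token:` are still omitted when empty. That asymmetry, and the fact that every logged session string now changes shape for anything parsing these lines, deserves a comment on the branch, e.g. `// Always emit refresh_token so logs show why a session could not be refreshed.` The output remains a presence flag rather than the token value, and the comment could say that this is intentional. `String()` starts and ends outside the hunk.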
@@ -81,7 +82,7 @@ func TestString(t *testing.T) {
 PreferredUsername: "preferred.user",
 CreatedAt: &created,
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user created:2000-01-01 00:00:00 +0000 UTC}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user created:2000-01-01 00:00:00 +0000 UTC refresh_token:false}",
 },
 {
 name: "With an ExpiresOn",
@@ -91,7 +92,7 @@ func TestString(t *testing.T) {
 PreferredUsername: "preferred.user",
 ExpiresOn: &expires,
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user expires:2000-01-01 01:00:00 +0000 UTC}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user expires:2000-01-01 01:00:00 +0000 UTC refresh_token:false}",
 },
 {
 name: "With an AccessToken",
@@ -101,7 +102,7 @@ func TestString(t *testing.T) {
 PreferredUsername: "preferred.user",
 AccessToken: "access.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user token:true refresh_token:false}",
 },
 {
 name: "With an IDToken",
@@ -111,7 +112,7 @@ func TestString(t *testing.T) {
 PreferredUsername: "preferred.user",
 IDToken: "id.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user id_token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user id_token:true refresh_token:false}",
 },
 {
 name: "With a RefreshToken",
@@ -353,3 +354,31 @@ func TestGetClaim(t *testing.T) {
 })
 }
 }
+
+func TestSessionState_String_RefreshTokenFalse(t *testing.T) {
+ session := &SessionState{
+ Email: "test@example.com",
+ User: "testuser",
+ // No RefreshToken set
+ }
+
+ result := session.String()
+
+ if !strings.Contains(result, "refresh_token:false") {
+ t.Errorf("Expected 'refresh_token:false' in output, got: %s", result)
+ }
+}
+
+func TestSessionState_String_RefreshTokenTrue(t *testing.T) {
+ session := &SessionState{
+ Email: "test@example.com",
+ User: "testuser",
+ RefreshToken: "some-token",
+ }
+
+ result := session.String()
+
+ if !strings.Contains(result, "refresh_token:true") {
+ t.Errorf("Expected 'refresh_token:true' in output, got: %s", result)
+ }
+}
diff --git a/pkg/middleware/stored_session.go b/pkg/middleware/stored_session.go
index f861c756..72c364e7 100644
--- a/pkg/middleware/stored_session.go
+++ b/pkg/middleware/stored_session.go
@@ -222,6 +222,7 @@ func (s *storedSessionLoader) refreshSession(rw http.ResponseWriter, req *http.R
 // Session not refreshed, nothing to persist.
 if !refreshed {
+ logger.Printf("Session not refreshed - User: %s; no refresh token available or provider returned false", session.User)
 return nil
 }
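Review bot: The two tests appended after `TestGetClaim` repeat what the `TestString` table already covers: the updated cases pin `refresh_token:false` by exact match, and the table has a "With a RefreshToken" case that presumably pins the `true` form. `strings.Contains` is also the weaker assertion, since it still passes if the field moves or appears twice. Consider dropping both functions together with the new `strings` import, or expressing any missing case as a table entry so the full string stays pinned.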
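Review bot: The added `logger.Printf` in `refreshSession` cannot tell the reader which of its two stated causes applied, and it formats `session.User` with `%s`. The user name presumably comes from the identity provider, so quoting it keeps control characters out of the log line, and the message can report the one fact the middleware does know: `logger.Printf("Session not refreshed - User: %q; refresh_token:%t", session.User, session.RefreshToken != "")`. If this path is reached on every request once the refresh period has elapsed (the caller is outside the hunk, so confirm), the line repeats per request for each affected session and should be rate-limited or logged at a lower level. The function body starts and ends outside the hunk.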