diff --git a/api-profiles.go b/api-profiles.go
index 5dbfc01..8c27e3b 100644
--- a/api-profiles.go
+++ b/api-profiles.go
@@ -110,7 +110,7 @@ func (app *appContext) SetDefaultProfile(gc *gin.Context) {
 func (app *appContext) CreateProfile(gc *gin.Context) {
 	var req newProfileDTO
 	gc.BindJSON(&req)
-	app.jf.CacheExpiry = time.Now()
+	app.InvalidateJellyfinCache()
 	user, err := app.jf.UserByID(req.ID, false)
 	if err != nil {
 		app.err.Printf(lm.FailedGetUsers, lm.Jellyfin, err)
diff --git a/api-users.go b/api-users.go
index c061d01..dfb930f 100644
--- a/api-users.go
+++ b/api-users.go
@@ -427,7 +427,7 @@ func (app *appContext) EnableDisableUsers(gc *gin.Context) {
 			}
 		}
 	}
-	app.jf.CacheExpiry = time.Now()
+	app.InvalidateUserCaches()
 	if len(errors["GetUser"]) != 0 || len(errors["SetPolicy"]) != 0 {
 		gc.JSON(500, errors)
 		return
@@ -495,7 +495,7 @@ func (app *appContext) DeleteUsers(gc *gin.Context) {
 			}
 		}
 	}
-	app.jf.CacheExpiry = time.Now()
+	app.InvalidateUserCaches()
 	if len(errors) == len(req.Users) {
 		respondBool(500, false, gc)
 		app.err.Printf(lm.FailedDeleteUsers, lm.Jellyfin, errors[req.Users[0]])
@@ -1179,7 +1179,7 @@ func (app *appContext) ApplySettings(gc *gin.Context) {
 
 	} else if req.From == "user" {
 		applyingFromType = lm.User
-		app.jf.CacheExpiry = time.Now()
+		app.InvalidateJellyfinCache()
 		user, err := app.jf.UserByID(req.ID, false)
 		if err != nil {
 			app.err.Printf(lm.FailedGetUser, req.ID, lm.Jellyfin, err)
diff --git a/housekeeping-d.go b/housekeeping-d.go
index be0d2da..b3bba57 100644
--- a/housekeeping-d.go
+++ b/housekeeping-d.go
@@ -140,7 +140,7 @@ func newHousekeepingDaemon(interval time.Duration, app *appContext) *GenericDaem
 	clearPWR := app.config.Section("captcha").Key("enabled").MustBool(false) && !app.config.Section("captcha").Key("recaptcha").MustBool(false)
 
 	if clearEmail || clearDiscord || clearTelegram || clearMatrix {
-		d.appendJobs(func(app *appContext) { app.jf.CacheExpiry = time.Now() })
+		d.appendJobs(func(app *appContext) { app.InvalidateJellyfinCache() })
 	}
 
 	if clearEmail {
diff --git a/user-d.go b/user-d.go
index d1a6232..d118a6d 100644
--- a/user-d.go
+++ b/user-d.go
@@ -104,7 +104,7 @@ func (app *appContext) checkUsers() {
 			expiry.DeleteAfterPeriod = true
 			app.storage.SetUserExpiryKey(user.ID, expiry)
 		}
-		app.jf.CacheExpiry = time.Now()
+		app.InvalidateJellyfinCache()
 		if contact {
 			if !ok {
 				continue
diff --git a/usercache.go b/usercache.go
index 8e64888..785feb8 100644
--- a/usercache.go
+++ b/usercache.go
@@ -10,13 +10,24 @@ import (
 	"time"
 )
 
-// FIXME: Invalidate cache on delete/modify/etc.
-
 const (
 	USER_DEFAULT_SORT_FIELD     = "name"
 	USER_DEFAULT_SORT_ASCENDING = true
 )
 
+func (app *appContext) InvalidateUserCaches() {
+	app.InvalidateJellyfinCache()
+	app.InvalidateWebUserCache()
+}
+
+func (app *appContext) InvalidateJellyfinCache() {
+	app.jf.CacheExpiry = time.Now()
+}
+
+func (app *appContext) InvalidateWebUserCache() {
+	app.userCache.LastSync = time.Time{}
+}
+
 // UserCache caches the transport representation of users,
 // complementing the built-in cache of the mediabrowser package.
 // Synchronisation runs in the background and consumers receive
diff --git a/users.go b/users.go
index f4345a7..242c355 100644
--- a/users.go
+++ b/users.go
@@ -99,8 +99,8 @@ func (app *appContext) NewUserPostVerification(p NewUserParams) (out NewUserData
 		return
 	}
 	out.Created = true
-	// Invalidate Cache to be safe
-	app.jf.CacheExpiry = time.Now()
+	// Invalidate cache to be safe
+	app.InvalidateUserCaches()
 
 	app.storage.SetActivityKey(shortuuid.New(), Activity{
 		Type:       ActivityCreation,