fix: persist signed-out flag in sessionStorage to block auto-login after logout

root 2026-05-26 17:53:21 +00:00
parent 8a8446bfec
commit 41e36299b7
1 changed files with 12 additions and 5 deletions


@ -4,6 +4,7 @@ import { supabase, hasSupabaseConfig } from "../supabaseClient";
const AuthContext = createContext(null); const AuthContext = createContext(null);
const STORAGE_KEY = "construction-auth-local-user"; const STORAGE_KEY = "construction-auth-local-user";
const SIGNED_OUT_FLAG = "supersam-signed-out";
const encodeLocalAuth = (data) => { const encodeLocalAuth = (data) => {
try { try {
@ -119,7 +120,10 @@ export const fetchUserProfile = async (userId) => {
}; };
}; };
/** Clear all auth state from storage — called on explicit signOut */ /** Check if user explicitly signed out (flag survives page refresh via sessionStorage) */
const isSignedOut = () => sessionStorage.getItem(SIGNED_OUT_FLAG) === "1";
/** Clear ALL auth state from storage — called on explicit signOut */
const clearAllAuthStorage = () => { const clearAllAuthStorage = () => {
// Clear Supabase secureStorage keys from sessionStorage // Clear Supabase secureStorage keys from sessionStorage
sessionStorage.removeItem("supersam-auth"); sessionStorage.removeItem("supersam-auth");
@ -127,6 +131,8 @@ const clearAllAuthStorage = () => {
// Clear local auth cache from localStorage // Clear local auth cache from localStorage
localStorage.removeItem(STORAGE_KEY); localStorage.removeItem(STORAGE_KEY);
localStorage.removeItem("construction-auth-role-hint"); localStorage.removeItem("construction-auth-role-hint");
// Set signed-out flag so page refresh doesn't auto-restore session
sessionStorage.setItem(SIGNED_OUT_FLAG, "1");
}; };
export const AuthProvider = ({ children }) => { export const AuthProvider = ({ children }) => {
@ -159,8 +165,8 @@ export const AuthProvider = ({ children }) => {
return; return;
} }
// If user explicitly signed out, don't auto-restore session // Block session restore if user explicitly signed out (ref or sessionStorage flag)
if (signedOutRef.current) { if (signedOutRef.current || isSignedOut()) {
return; return;
} }
@ -188,8 +194,8 @@ export const AuthProvider = ({ children }) => {
return; return;
} }
// Don't restore session if user explicitly signed out // Block session restore if user explicitly signed out (ref or sessionStorage flag)
if (signedOutRef.current) { if (signedOutRef.current || isSignedOut()) {
return; return;
} }
@ -281,6 +287,7 @@ export const AuthProvider = ({ children }) => {
// Clear signedOut flag user is logging in // Clear signedOut flag user is logging in
signedOutRef.current = false; signedOutRef.current = false;
sessionStorage.removeItem(SIGNED_OUT_FLAG);
if (data?.session?.access_token && data?.session?.refresh_token) { if (data?.session?.access_token && data?.session?.refresh_token) {
const { data: sessionData, error: sessionError } = await supabase.auth.setSession({ const { data: sessionData, error: sessionError } = await supabase.auth.setSession({
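Review bot: The signed-out marker written in `clearAllAuthStorage` lives in sessionStorage, so it only gates the two restore guards (`signedOutRef.current || isSignedOut()`) in the tab that performed the logout; a new tab or window starts without the flag and takes the restore path as before. Because a refresh could still restore a session after these storage keys were removed, some session source apparently survives logout, and the flag suppresses the symptom rather than ending the session. I would confirm that the signOut path (outside these hunks) also invalidates the session server-side, for example via `supabase.auth.signOut()`, and state the limit on the helper: `/** Tab-scoped UI guard only; does not revoke tokens. */`. In the last hunk the flag is removed before `setSession` has returned, so a failed login leaves the guard off; moving `sessionStorage.removeItem(SIGNED_OUT_FLAG);` to after `sessionError` is known to be empty would keep it in place until a session actually exists. The bodies of `AuthProvider` and the login handler continue outside the hunks, so the error handling there is not visible.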