fix: persist signed-out flag in sessionStorage to block auto-login after logout

root 2026-05-26 17:53:21 +00:00
parent 8a8446bfec
commit 41e36299b7
1 changed files with 12 additions and 5 deletions


@ -4,6 +4,7 @@ import { supabase, hasSupabaseConfig } from "../supabaseClient";
const AuthContext = createContext(null);
const STORAGE_KEY = "construction-auth-local-user";
const SIGNED_OUT_FLAG = "supersam-signed-out";
const encodeLocalAuth = (data) => {
try {
@ -119,7 +120,10 @@ export const fetchUserProfile = async (userId) => {
};
};
/** Clear all auth state from storage — called on explicit signOut */
/** Check if user explicitly signed out (flag survives page refresh via sessionStorage) */
const isSignedOut = () => sessionStorage.getItem(SIGNED_OUT_FLAG) === "1";
/** Clear ALL auth state from storage — called on explicit signOut */
const clearAllAuthStorage = () => {
// Clear Supabase secureStorage keys from sessionStorage
sessionStorage.removeItem("supersam-auth");
@ -127,6 +131,8 @@ const clearAllAuthStorage = () => {
// Clear local auth cache from localStorage
localStorage.removeItem(STORAGE_KEY);
localStorage.removeItem("construction-auth-role-hint");
// Set signed-out flag so page refresh doesn't auto-restore session
sessionStorage.setItem(SIGNED_OUT_FLAG, "1");
};
export const AuthProvider = ({ children }) => {
@ -159,8 +165,8 @@ export const AuthProvider = ({ children }) => {
return;
}
// If user explicitly signed out, don't auto-restore session
if (signedOutRef.current) {
// Block session restore if user explicitly signed out (ref or sessionStorage flag)
if (signedOutRef.current || isSignedOut()) {
return;
}
@ -188,8 +194,8 @@ export const AuthProvider = ({ children }) => {
return;
}
// Don't restore session if user explicitly signed out
if (signedOutRef.current) {
// Block session restore if user explicitly signed out (ref or sessionStorage flag)
if (signedOutRef.current || isSignedOut()) {
return;
}
@ -281,6 +287,7 @@ export const AuthProvider = ({ children }) => {
// Clear signedOut flag user is logging in
signedOutRef.current = false;
sessionStorage.removeItem(SIGNED_OUT_FLAG);
if (data?.session?.access_token && data?.session?.refresh_token) {
const { data: sessionData, error: sessionError } = await supabase.auth.setSession({
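Review bot: The `isSignedOut()` gate added to the two restore paths in `AuthProvider` only hides a session that is still restorable. If a refresh could log the user back in after `clearAllAuthStorage()` ran, some credential survived the cleanup (a storage key that is not removed, or a refresh token that was never revoked), and the flag leaves it in place. sessionStorage is scoped to one tab, so the guard also does nothing for other tabs or a newly opened one. The sign-out handler is outside these hunks, so please confirm it calls `supabase.auth.signOut()` and that every key the Supabase client writes is removed; at the flag I would add `// UI guard only: per-tab, does not revoke the session; revocation must happen in signOut`. In the login hunk the flag appears to be removed before the `setSession` result is known, so moving `sessionStorage.removeItem(SIGNED_OUT_FLAG)` after the `sessionError` check would keep the guard on when login fails.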