fix(auth): prevent anonymous session creation on auth pages

Avoid bootstrapping anonymous sessions when users are on sign-in or sign-up
pages to prevent overwriting account-scoped preferences after login. Adjust
loading logic to account for this scenario.
This commit is contained in:
Richard R 2026-06-09 10:53:01 -06:00
parent 335b78b435
commit d581df6f88

View file

@ -148,6 +148,17 @@ export function AuthLoader({ children }: { children: ReactNode }) {
return;
}
// Don't bootstrap a throwaway anonymous session while the user is on the
// sign-in / sign-up pages. An anonymous user created here would be linked
// into their account on login (onLinkAccount), clobbering account-scoped
// preferences such as the changelog "last seen version" and re-showing the
// changelog on every fresh login.
if (isAuthPage) {
setIsAutoLoggingIn(false);
setBootstrapError(null);
return;
}
// Avoid double-calling anonymous sign-in (e.g. React strict mode).
if (attemptedForNullSessionRef.current) return;
attemptedForNullSessionRef.current = true;
@ -244,7 +255,7 @@ export function AuthLoader({ children }: { children: ReactNode }) {
const shouldBlockForDisallowedAnonymous =
!allowAnonymousAuthSessions && Boolean(session?.user?.isAnonymous);
const isLoading = (
(allowAnonymousAuthSessions && (isPending || isAutoLoggingIn || !session)) ||
(allowAnonymousAuthSessions && !isAuthPage && (isPending || isAutoLoggingIn || !session)) ||
(!allowAnonymousAuthSessions && !isAuthPage && (
isPending || isRedirecting || shouldBlockForProtectedNoSession || shouldBlockForDisallowedAnonymous
))