fix(auth): prevent anonymous session creation on auth pages
Avoid bootstrapping anonymous sessions when users are on sign-in or sign-up pages to prevent overwriting account-scoped preferences after login. Adjust loading logic to account for this scenario.
This commit is contained in:
parent
335b78b435
commit
d581df6f88
1 changed files with 12 additions and 1 deletions
|
|
@ -148,6 +148,17 @@ export function AuthLoader({ children }: { children: ReactNode }) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Don't bootstrap a throwaway anonymous session while the user is on the
|
||||||
|
// sign-in / sign-up pages. An anonymous user created here would be linked
|
||||||
|
// into their account on login (onLinkAccount), clobbering account-scoped
|
||||||
|
// preferences such as the changelog "last seen version" and re-showing the
|
||||||
|
// changelog on every fresh login.
|
||||||
|
if (isAuthPage) {
|
||||||
|
setIsAutoLoggingIn(false);
|
||||||
|
setBootstrapError(null);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Avoid double-calling anonymous sign-in (e.g. React strict mode).
|
// Avoid double-calling anonymous sign-in (e.g. React strict mode).
|
||||||
if (attemptedForNullSessionRef.current) return;
|
if (attemptedForNullSessionRef.current) return;
|
||||||
attemptedForNullSessionRef.current = true;
|
attemptedForNullSessionRef.current = true;
|
||||||
|
|
@ -244,7 +255,7 @@ export function AuthLoader({ children }: { children: ReactNode }) {
|
||||||
const shouldBlockForDisallowedAnonymous =
|
const shouldBlockForDisallowedAnonymous =
|
||||||
!allowAnonymousAuthSessions && Boolean(session?.user?.isAnonymous);
|
!allowAnonymousAuthSessions && Boolean(session?.user?.isAnonymous);
|
||||||
const isLoading = (
|
const isLoading = (
|
||||||
(allowAnonymousAuthSessions && (isPending || isAutoLoggingIn || !session)) ||
|
(allowAnonymousAuthSessions && !isAuthPage && (isPending || isAutoLoggingIn || !session)) ||
|
||||||
(!allowAnonymousAuthSessions && !isAuthPage && (
|
(!allowAnonymousAuthSessions && !isAuthPage && (
|
||||||
isPending || isRedirecting || shouldBlockForProtectedNoSession || shouldBlockForDisallowedAnonymous
|
isPending || isRedirecting || shouldBlockForProtectedNoSession || shouldBlockForDisallowedAnonymous
|
||||||
))
|
))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue