fix: only show session-expired alert when user had a valid session

Added hadValidSessionRef to track whether the user was ever authenticated during this page load. setSessionExpired() in silentRefresh now only fires when the ref is true, preventing the alert on direct visits by unauthenticated users. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-28 12:16:26 +02:00
parent d1c5234a03
commit 12289bdce3
1 changed files with 7 additions and 1 deletions
--- a/src/admin/context/AuthContext.tsx
+++ b/src/admin/context/AuthContext.tsx
@@ -90,6 +90,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
  const cachedUserRef = useRef<User | null>(null);
  const sessionFetchedRef = useRef(false);
  const silentRefreshInFlightRef = useRef<Promise<boolean> | null>(null);
+  const hadValidSessionRef = useRef(false);
  const [user, setUser] = useState<User | null>(cachedUserRef.current);
  const [loading, setLoading] = useState(!sessionFetchedRef.current);
  const [error, setError] = useState<string | null>(null);
@@ -138,13 +139,14 @@ export function AuthProvider({ children }: { children: ReactNode }) {
        if (data.success && data.data?.access_token) {
          setAccessTokenFn(data.data.access_token, data.data.expires_in);
          setUser(mapUser(data.data.user));
+          hadValidSessionRef.current = true;
          return true;
        }
        accessTokenRef.current = null;
        tokenExpiresAtRef.current = null;
        setUser(null);
        cachedUserRef.current = null;
-        setSessionExpired();
+        if (hadValidSessionRef.current) setSessionExpired();
        return false;
      } catch {
        // Network error — don't kick the user out, just return false
@@ -178,6 +180,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
          if (data.data.access_token) setAccessTokenFn(data.data.access_token);
          setUser(mapUser(data.data.user));
          cachedUserRef.current = mapUser(data.data.user);
+          hadValidSessionRef.current = true;
          return true;
        }
      }
@@ -233,6 +236,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
          setUser(mapUser(data.data.user));
          cachedUserRef.current = mapUser(data.data.user);
          sessionFetchedRef.current = true;
+          hadValidSessionRef.current = true;
          return { success: true };
        }
        setError(data.error);
@@ -273,6 +277,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
          setUser(mapUser(data.data.user));
          cachedUserRef.current = mapUser(data.data.user);
          sessionFetchedRef.current = true;
+          hadValidSessionRef.current = true;
          return { success: true };
        }
        setError(data.error);
@@ -302,6 +307,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
      setUser(null);
      cachedUserRef.current = null;
      sessionFetchedRef.current = false;
+      hadValidSessionRef.current = false;
      if (refreshTimeoutRef.current) {
        clearTimeout(refreshTimeoutRef.current);
        refreshTimeoutRef.current = null;