From 28cc9e0571c98bb04d216e5fe47aaa503a1e887b Mon Sep 17 00:00:00 2001 From: Tink Date: Wed, 11 Mar 2026 09:37:46 +0100 Subject: [PATCH] fix: prevent authenticated UI flash when server rejects JWT session (#2387) --- frontend/src/stores/auth.ts | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/frontend/src/stores/auth.ts b/frontend/src/stores/auth.ts index b471a729a..aec224245 100644 --- a/frontend/src/stores/auth.ts +++ b/frontend/src/stores/auth.ts @@ -337,7 +337,14 @@ export const useAuthStore = defineStore('auth', () => { } if (isAuthenticated) { - await refreshUserInfo() + const user = await refreshUserInfo() + if (!user) { + // refreshUserInfo() did not return a user — either the + // token vanished or a 4xx triggered logout(). Bail out + // so the stale local `isAuthenticated` doesn't override + // the auth state that logout() already set. + return + } } }