From 837d1196d0386ddfd84f88a32a59b080181f27ed Mon Sep 17 00:00:00 2001 From: CartSnitch Engineer Bot Date: Tue, 31 Mar 2026 22:11:20 +0000 Subject: [PATCH] fix(auth): wait for session confirmation before post-auth redirect MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Race condition between signUp/signIn completion and ProtectedRoute's useSession() call caused redirect loops — Better-Auth's session cookie is not immediately visible to useSession() after signUp/signIn resolves. Fix: call authClient.getSession() explicitly after signUp/signIn to synchronize before navigating to protected routes. Fall back to error message if session not confirmed. Also removes dead setAuthenticated() calls that only work in mock mode. Co-Authored-By: Paperclip --- src/pages/Login.tsx | 13 ++++++++----- src/pages/Register.tsx | 14 +++++++++----- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/src/pages/Login.tsx b/src/pages/Login.tsx index bf6b215..6ee9bcf 100644 --- a/src/pages/Login.tsx +++ b/src/pages/Login.tsx @@ -1,7 +1,6 @@ import { useState } from 'react' import { Link, useNavigate } from 'react-router-dom' import { authClient } from '../lib/auth-client.ts' -import { useAuthStore } from '../stores/auth.ts' export function Login() { const [email, setEmail] = useState('') @@ -9,7 +8,6 @@ export function Login() { const [error, setError] = useState('') const [loading, setLoading] = useState(false) const navigate = useNavigate() - const setAuthenticated = useAuthStore((s) => s.setAuthenticated) async function handleSubmit(e: React.FormEvent) { e.preventDefault() @@ -31,11 +29,16 @@ export function Login() { throw new Error(authError.message ?? 'Sign in failed') } - setAuthenticated(true) - navigate('/') + // After successful signIn, force a session fetch to confirm the cookie is set + // before navigating to the protected route + const sessionResult = await authClient.getSession() + if (sessionResult.data) { + navigate('/') + } else { + setError('Sign in failed. Please try again.') + } } catch { if (import.meta.env.VITE_MOCK_AUTH === 'true') { - setAuthenticated(true) navigate('/') } else { setError('Invalid email or password. Please try again.') diff --git a/src/pages/Register.tsx b/src/pages/Register.tsx index a65e7b6..a93317d 100644 --- a/src/pages/Register.tsx +++ b/src/pages/Register.tsx @@ -1,7 +1,6 @@ import { useState } from 'react' import { Link, useNavigate } from 'react-router-dom' import { authClient } from '../lib/auth-client.ts' -import { useAuthStore } from '../stores/auth.ts' export function Register() { const [name, setName] = useState('') @@ -10,7 +9,6 @@ export function Register() { const [error, setError] = useState('') const [loading, setLoading] = useState(false) const navigate = useNavigate() - const setAuthenticated = useAuthStore((s) => s.setAuthenticated) async function handleSubmit(e: React.FormEvent) { e.preventDefault() @@ -38,11 +36,17 @@ export function Register() { throw new Error(authError.message ?? 'Registration failed') } - setAuthenticated(true) - navigate('/') + // After successful signUp, force a session fetch to confirm the cookie is set + // before navigating to the protected route + const sessionResult = await authClient.getSession() + if (sessionResult.data) { + navigate('/') + } else { + // Session not established — show success message and link to login + setError('Account created! Please sign in.') + } } catch { if (import.meta.env.VITE_MOCK_AUTH === 'true') { - setAuthenticated(true) navigate('/') } else { setError('Registration failed. Please try again.')