Merge pull request #91 from cartsnitch/fix/registration-redirect

fix(auth): wait for session confirmation before post-auth redirect

.github/workflows/ci.yml

@@ -95,7 +95,7 @@ jobs:
         run: |
           CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1)
           npm install -g @lhci/cli
-          LHCI_CHROME_PATH="$CHROME_PATH" lhci autorun
+          CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage"
 
   build-and-push:
     runs-on: runners-cartsnitch

lighthouserc.json

@@ -3,7 +3,12 @@
     "collect": {
       "staticDistDir": "./dist",
       "url": ["http://localhost:4173/"],
-      "numberOfRuns": 1
+      "numberOfRuns": 1,
+      "settings": {
+        "chromeFlags": ["--headless=new", "--no-sandbox", "--disable-gpu", "--disable-dev-shm-usage"],
+        "skipAudits": ["bf-cache"],
+        "disableFullPageScreenshot": true
+      }
     },
     "assert": {
       "assertions": {
@@ -16,4 +21,4 @@
       "target": "temporary-public-storage"
     }
   }
-}
+}

src/pages/Login.tsx

@@ -31,8 +31,14 @@ export function Login() {
         throw new Error(authError.message ?? 'Sign in failed')
       }
 
-      setAuthenticated(true)
-      navigate('/')
+      // After successful signIn, force a session fetch to confirm the cookie is set
+      // before navigating to the protected route
+      const sessionResult = await authClient.getSession()
+      if (sessionResult.data) {
+        navigate('/')
+      } else {
+        setError('Sign in failed. Please try again.')
+      }
     } catch {
       if (import.meta.env.VITE_MOCK_AUTH === 'true') {
         setAuthenticated(true)

src/pages/Register.tsx

@@ -38,8 +38,15 @@ export function Register() {
         throw new Error(authError.message ?? 'Registration failed')
       }
 
-      setAuthenticated(true)
-      navigate('/')
+      // After successful signUp, force a session fetch to confirm the cookie is set
+      // before navigating to the protected route
+      const sessionResult = await authClient.getSession()
+      if (sessionResult.data) {
+        navigate('/')
+      } else {
+        // Session not established — show success message and link to login
+        setError('Account created! Please sign in.')
+      }
     } catch {
       if (import.meta.env.VITE_MOCK_AUTH === 'true') {
         setAuthenticated(true)