From df32509186ec45db569de6e8b85b9efae8c33b59 Mon Sep 17 00:00:00 2001 From: Barkley Trimsworth Date: Tue, 31 Mar 2026 18:45:08 +0000 Subject: [PATCH] fix(portal): remove sessionAttempted from redirect condition (GRO-309) --- apps/web/src/portal/CustomerPortal.tsx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/apps/web/src/portal/CustomerPortal.tsx b/apps/web/src/portal/CustomerPortal.tsx index 2547664..abd637d 100644 --- a/apps/web/src/portal/CustomerPortal.tsx +++ b/apps/web/src/portal/CustomerPortal.tsx @@ -184,12 +184,12 @@ export function CustomerPortal() { const avatarInitials = (clientName.split(" ")[0] || "G").charAt(0).toUpperCase(); - // After init completes, redirect unauthenticated users to /login and staff to /admin + // After init completes, redirect unauthenticated users to /login and staff to /admin. // The portal chrome must NEVER be visible to users without a valid client session. - // Only redirect if we have NOT attempted a session fetch yet — if a fetch is in-flight - // (E2E mock resolves synchronously, batched with setInitComplete), sessionAttempted - // is still false so we don't redirect prematurely. - if (initComplete && !session && !sessionAttempted) { + // We check !session rather than sessionAttempted because a failed session fetch still + // means we must redirect — sessionAttempted being true only means we attempted to + // create a session, not that one exists. + if (initComplete && !session) { const devUser = getDevUser(); if (devUser && devUser.type === "staff") { return ;