fix: handle 401 gracefully in auth initialization after httpOnly migration

Race condition: the axios 401 interceptor uses a dynamic import, so handleUnauthorized() fires AFTER doInitialize() sets isInitialized=true. handleUnauthorized() then reset isInitialized to false, leaving the app stuck on a loading spinner with no way to recover. Fix: remove isInitialized=false from handleUnauthorized() in all three apps. When handleUnauthorized() redirects via window.location.href, all JS state resets naturally. When it skips the redirect (already on a public page like /login), the app should render normally in an unauthenticated state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 16:24:58 +02:00
parent b5fcb7c14a
commit 8ace0480ae
3 changed files with 12 additions and 3 deletions
--- a/apps/admin/src/stores/useAuthStore.ts
+++ b/apps/admin/src/stores/useAuthStore.ts
@@ -43,7 +43,10 @@ export const useAuthStore = defineStore('auth', () => {

  function handleUnauthorized() {
    clearState()
-    isInitialized.value = false
+    // Do NOT reset isInitialized — the full page reload (below) resets all JS state.
+    // Resetting it here causes a race condition: the async 401 interceptor fires
+    // after doInitialize() sets isInitialized=true, putting the app back into
+    // a loading state that never resolves.

    if (typeof window !== 'undefined') {
      const publicPaths = ['/login', '/forgot-password', '/reset-password', '/verify-email-change']