coop/rose-ash
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix stale g.user after grant revocation on logout
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 4m53s
Details

Browse Source 
_load_user runs before _check_auth_state, so g.user was already set
when the grant was found revoked. The session was cleared but g.user
stayed populated, causing the template to render the signed-in UI
for one request after logout. Now sets g.user = None alongside the
session clear.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
giles
2026-02-25 01:42:02 +00:00
parent e4c7432303
commit 57d2a6a6e3
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
shared/infrastructure/factory.py
View File

@@ -179,6 +179,7 @@ def create_base_app(
qs.pop("uid", None)
qs.pop("grant_token", None)
qs.pop("cart_sid", None)
g.user = None
return
from sqlalchemy import select
@@ -199,6 +200,7 @@ def create_base_app(
qs.pop("uid", None)
qs.pop("grant_token", None)
qs.pop("cart_sid", None)
g.user = None
return
# Case 2: not logged in — prompt=none OAuth (GET, non-HTMX only)