From 57d2a6a6e3abc562bf7d5a333188a7a9bcce72b1 Mon Sep 17 00:00:00 2001
From: giles
Date: Wed, 25 Feb 2026 01:42:02 +0000
Subject: [PATCH] Fix stale g.user after grant revocation on logout
_load_user runs before _check_auth_state, so g.user was already set when the grant was found revoked. The session was cleared but g.user stayed populated, causing the template to render the signed-in UI for one request after logout. Now sets g.user = None alongside the session clear.
Co-Authored-By: Claude Opus 4.6
---
 shared/infrastructure/factory.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/shared/infrastructure/factory.py b/shared/infrastructure/factory.py
index 6505890..b6b6e52 100644
--- a/shared/infrastructure/factory.py
+++ b/shared/infrastructure/factory.py
@@ -179,6 +179,7 @@ def create_base_app(
 qs.pop("uid", None)
 qs.pop("grant_token", None)
 qs.pop("cart_sid", None)
+ g.user = None
 return
 from sqlalchemy import select
@@ -199,6 +200,7 @@ def create_base_app(
 qs.pop("uid", None)
 qs.pop("grant_token", None)
 qs.pop("cart_sid", None)
+ g.user = None
 return
 # Case 2: not logged in — prompt=none OAuth (GET, non-HTMX only)
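Review bot: `g.user = None` in both revoked-grant branches (the hunks at new lines 179 and 200) resets the identity only after `_load_user` has already populated it, so any `before_request` hook that runs between the two, or any other `g` attribute `_load_user` may derive from the user, could still see the revoked session for this request; none of that is visible in the hunks, so it needs checking in the rest of `create_base_app`. A fail-closed ordering would run the grant check before `_load_user`, or have `_load_user` decline to set `g.user` when the grant is revoked. If the current order stays, the two branches now repeat the same cleanup sequence and would be safer sharing one local helper, so that a future piece of auth state cannot be cleared in one branch and missed in the other. The new line also deserves a comment such as `# _load_user ran earlier in this request; drop the identity it set for the revoked grant`. The enclosing function starts and ends outside both hunks.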