From 16df62e2c44a418b1a1421c8f8854ef0c3690bbd Mon Sep 17 00:00:00 2001
From: giles
Date: Mon, 23 Feb 2026 10:56:56 +0000
Subject: [PATCH] =?UTF-8?q?Sign-in=20button=20=E2=86=92=20account=20app,?= =?UTF-8?q?=20clear=20old=20shared=20cookie?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Nav sign-in links point to account_url('/') instead of login_url()
- After-request hook clears old blog_session cookie on .rose-ash.com (prevents collision with new per-app first-party cookies)
Co-Authored-By: Claude Opus 4.6
---
 browser/templates/_types/root/_sign_in.html | 2 +-
 browser/templates/_types/root/mobile/_sign_in.html | 2 +-
 infrastructure/factory.py | 7 +++++++
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/browser/templates/_types/root/_sign_in.html b/browser/templates/_types/root/_sign_in.html
index 3495518..d8777ae 100644
--- a/browser/templates/_types/root/_sign_in.html
+++ b/browser/templates/_types/root/_sign_in.html
@@ -1,6 +1,6 @@
diff --git a/infrastructure/factory.py b/infrastructure/factory.py
index 7394dc9..114c9dc 100644
--- a/infrastructure/factory.py
+++ b/infrastructure/factory.py
@@ -127,6 +127,13 @@ def create_base_app(
 await protect()
 # --- after-request hooks ---
+ # Clear old shared-domain session cookie (migration from .rose-ash.com)
+ @app.after_request
+ async def _clear_old_shared_cookie(response):
+ if request.cookies.get("blog_session"):
+ response.delete_cookie("blog_session", domain=".rose-ash.com", path="/")
+ return response
+
 @app.after_request
 async def _add_hx_preserve_search_header(response):
 value = request.headers.get("X-Search")
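Review bot: The guard in `_clear_old_shared_cookie` tests only the cookie name, and a request's Cookie header carries no Domain, so `request.cookies.get("blog_session")` cannot tell the legacy `.rose-ash.com` cookie from a host-only one. If the new per-app cookies keep the name `blog_session` (not visible in this hunk), the delete `Set-Cookie` goes out on every response to a request carrying that cookie, indefinitely, and on a request that still carries both cookies the app may read the stale shared value before the deletion takes effect. The deletion also only matches when Domain and Path equal those the legacy cookie was set with, and `.rose-ash.com` is hard-coded, so deployments under another domain are not covered; reading the domain from app configuration would avoid that. I would document the shim's lifetime above the decorator, e.g. `# TODO(migration): remove once legacy .rose-ash.com blog_session cookies have expired; fires for any cookie named blog_session`. The body of `create_base_app` starts and ends outside the hunk.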