Cognito login on localhost requires two sign-in attempts before session becomes active #209
Description
Bug
On local Bloom over HTTPS, Cognito login does not complete on the first attempt. After the first Cognito round-trip, Bloom returns to instead of the dashboard. Clicking the Cognito login button a second time immediately succeeds and lands on the dashboard.
Environment
- Repo: ✗ Plugin 'bloom_lims.cli.users.register': No module named 'daylily_tapdb'
- Local URL:
- Cognito hosted UI domain:
- Redirect URI in use:
Reproduction
-
Open
-
Bloom redirects to
-
Click
-
Browser is sent to:
-
Complete the Cognito-hosted login flow
-
Bloom returns to
-
Click again
-
Second attempt lands on the Bloom dashboard
Expected
The first successful Cognito login should establish the Bloom session and redirect directly to the authenticated dashboard.
Actual
The first successful Cognito login returns the browser to . The session only appears usable on the second attempt.
Impact
This creates a confusing first-run login experience and makes it look like Cognito auth is failing even though the second attempt succeeds.
Initial investigation hint
already stores during the callback and then redirects. Since the second attempt succeeds immediately, investigate whether the first callback is writing session state that is not visible on the next request yet, or whether the redirect target is evaluating auth before the session cookie is fully persisted in the localhost HTTPS flow.
Acceptance criteria
- A single Cognito login attempt from lands on the authenticated Bloom dashboard.
- No extra manual second click is required.
- Add or update coverage for this exact first-login callback flow, preferably in e2e auth coverage and, if useful, a focused callback/session regression test.
Implementation references
Verification expectations
The eventual fix should be verified with:
- Existing callback unit coverage in
- E2E login round-trip coverage in , expanded if needed to catch the first-attempt-returns-to- failure mode