Skip to content

fix(auth): prevent re-entrant logout calls on session expiry#7779

Merged
yhabib merged 4 commits intomainfrom
fix/logout-issue
Mar 10, 2026
Merged

fix(auth): prevent re-entrant logout calls on session expiry#7779
yhabib merged 4 commits intomainfrom
fix/logout-issue

Conversation

@yhabib
Copy link
Contributor

@yhabib yhabib commented Mar 10, 2026
edited
Loading

Motivation

When the session expires, logout() calls authStore.signOut() which sets identity to null. This triggers reactive cascades where in-flight services call getAuthenticatedIdentity(), see the missing identity, and each independently call logout() again. Each call appends duplicate URL params via .append() before the browser reloads, which can lead to oversized headers (HTTP 431).

Related to: https://forum.dfinity.org/t/proposal-140767-to-upgrade-the-nns-dapp-2026-03-06/65145/4?u=yhabib

Changes

  • Added a logoutInProgress re-entrancy guard to logout() so only the first call proceeds.
  • Switched appendMsgToUrl from searchParams.append() to searchParams.set() to prevent duplicate URL params as a secondary defense.

Tests

  • Added a test verifying concurrent logout calls only trigger one signOut and one reload.

Todos

  • Accessibility (a11y) – any impact?
  • Changelog – is it needed?

@yhabib yhabib marked this pull request as ready for review March 10, 2026 10:50
@yhabib yhabib requested a review from a team as a code owner March 10, 2026 10:50
0xFFrancesco
0xFFrancesco reviewed Mar 10, 2026
View reviewed changes
@yhabib yhabib added this pull request to the merge queue Mar 10, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 10, 2026
@yhabib yhabib added this pull request to the merge queue Mar 10, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 10, 2026
@yhabib yhabib added this pull request to the merge queue Mar 10, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 10, 2026
@yhabib yhabib added this pull request to the merge queue Mar 10, 2026
Merged via the queue into main with commit c39d25c Mar 10, 2026
34 checks passed
@yhabib yhabib deleted the fix/logout-issue branch March 10, 2026 17:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0xFFrancesco 0xFFrancesco 0xFFrancesco approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yhabib @0xFFrancesco