From ad806e0427714329e26b019c604068b019cae9c3 Mon Sep 17 00:00:00 2001
From: Usman Baig <mubaig@pm.me>
Date: Sat, 7 Mar 2026 20:02:58 +0100
Subject: [PATCH] fix: remove reload-based stale build recovery to stop login
 loop
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

window.location.reload() causes infinite loops when the CDN keeps
serving cached assets. Instead, silently treat Server Action failures
as no-session — the OAuth flow uses full navigations (window.location.href)
which naturally fetch fresh content from the server on return.
---
 app/auth/callback/page.tsx |  9 +--------
 lib/auth/context.tsx       | 26 ++++----------------------
 2 files changed, 5 insertions(+), 30 deletions(-)

diff --git a/app/auth/callback/page.tsx b/app/auth/callback/page.tsx
index 3b630ae..0452bf5 100644
--- a/app/auth/callback/page.tsx
+++ b/app/auth/callback/page.tsx
@@ -26,14 +26,7 @@ function AuthCallbackContent() {
     try {
       result = await exchangeAuthCode(code, codeVerifier, redirectUri)
     } catch {
-      // * Stale build — cached JS has old Server Action hashes. Hard reload once to fix.
-      const key = 'pulse_reload_for_stale_build'
-      if (!sessionStorage.getItem(key)) {
-        sessionStorage.setItem(key, '1')
-        window.location.reload()
-        return
-      }
-      sessionStorage.removeItem(key)
+      // * Stale build or network error — show error so user can retry via full navigation
       setError('Something went wrong. Please try logging in again.')
       return
     }
diff --git a/lib/auth/context.tsx b/lib/auth/context.tsx
index b6a9944..db49ca7 100644
--- a/lib/auth/context.tsx
+++ b/lib/auth/context.tsx
@@ -135,20 +135,10 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
         let session: Awaited<ReturnType<typeof getSessionAction>> = null
         try {
           session = await getSessionAction()
-          sessionStorage.removeItem('pulse_reload_for_stale_build')
         } catch {
-          // * Stale build — browser has cached JS with old Server Action hashes.
-          // * Force a hard reload once to fetch fresh bundles. Guard prevents infinite loop.
-          const key = 'pulse_reload_for_stale_build'
-          if (!sessionStorage.getItem(key)) {
-            sessionStorage.setItem(key, '1')
-            window.location.reload()
-            return
-          }
-          sessionStorage.removeItem(key)
-          // * Reload didn't fix it — treat as no session
-          setLoading(false)
-          return
+          // * Stale build — treat as no session. The login page will redirect
+          // * to the auth service via window.location.href (full navigation),
+          // * which fetches fresh HTML/JS from the server on return.
         }
 
         // * 2. If no access_token but refresh_token may exist, try refresh (fixes 15-min inactivity logout)
@@ -162,15 +152,7 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
             try {
               session = await getSessionAction()
             } catch {
-              const key = 'pulse_reload_for_stale_build'
-              if (!sessionStorage.getItem(key)) {
-                sessionStorage.setItem(key, '1')
-                window.location.reload()
-                return
-              }
-              sessionStorage.removeItem(key)
-              setLoading(false)
-              return
+              // * Stale build — fall through as no session
             }
           }
         }