Skip to content

revert login fix for web#2270

Merged
Tlaster merged 3 commits into
masterfrom
bugfix/web-login
Jul 2, 2026
Merged

revert login fix for web#2270
Tlaster merged 3 commits into
masterfrom
bugfix/web-login

Conversation

@Tlaster

@Tlaster Tlaster commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

No description provided.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 58c5502a78

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

return response
}

val refreshedChocolate = refreshChocolate() ?: return response

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Recheck config after another request refreshes cookies

When multiple VVO requests call config() with an expired cookie at the same time, each can receive the initial login=false response before the mutex is entered. The first caller refreshes and caches the new cookie, but a later caller then runs refreshChocolate() with that already-refreshed cookie; if / returns no new Set-Cookie, this line returns the stale pre-refresh response, so callers such as ensureLogin() can still throw LoginExpiredException even though the credential was refreshed. Re-read config with the current cached cookie when refresh returns null after the mutex path.

Useful? React with 👍 / 👎.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ab86d9b5ae

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

private val refreshedAt = MutableStateFlow<Long?>(null)
val refreshTrackingEnabled: Boolean = lastChocolateRefreshEpochMillisFlow != null

suspend fun currentChocolate(): String? = refreshedChocolate.value ?: chocolateFlow.firstOrNull()

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Use updated credentials after relogin

Once refreshedChocolate is populated, currentChocolate() never observes chocolateFlow again. The account repository keeps the existing VVO data source for the account while relogin writes a new credential to the same credential flow, so after an expired cookie path caches the stale value, relogin can update storage but this VVOService will keep sending the old cookie until the app recreates the service. In that expired-cookie/relogin scenario, VVO requests continue to fail even though the user has just supplied a valid cookie.

Useful? React with 👍 / 👎.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 435f48516a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".


private fun String.toSetCookiePairOrNull(): Pair<String, String>? {
val cookie = substringBefore(';').toCookiePairOrNull() ?: return null
return cookie.takeUnless { isExpiredSetCookie() }

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Remove cookies when Set-Cookie expires them

When the refresh response clears a cookie with Max-Age=0 or an expired Expires, this drops that Set-Cookie entry entirely. Because mergeVvoCookieHeader starts from the existing currentCookieHeader, ignoring the expired entry leaves the old cookie in the merged header, so later VVO requests can keep sending credentials that the server explicitly revoked during rotation or logout; the merge should delete that cookie key instead of skipping it.

Useful? React with 👍 / 👎.

@Tlaster Tlaster merged commit 009eba8 into master Jul 2, 2026
10 checks passed
@Tlaster Tlaster deleted the bugfix/web-login branch July 2, 2026 05:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant