revert login fix for web#2270
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 58c5502a78
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| return response | ||
| } | ||
|
|
||
| val refreshedChocolate = refreshChocolate() ?: return response |
There was a problem hiding this comment.
Recheck config after another request refreshes cookies
When multiple VVO requests call config() with an expired cookie at the same time, each can receive the initial login=false response before the mutex is entered. The first caller refreshes and caches the new cookie, but a later caller then runs refreshChocolate() with that already-refreshed cookie; if / returns no new Set-Cookie, this line returns the stale pre-refresh response, so callers such as ensureLogin() can still throw LoginExpiredException even though the credential was refreshed. Re-read config with the current cached cookie when refresh returns null after the mutex path.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ab86d9b5ae
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| private val refreshedAt = MutableStateFlow<Long?>(null) | ||
| val refreshTrackingEnabled: Boolean = lastChocolateRefreshEpochMillisFlow != null | ||
|
|
||
| suspend fun currentChocolate(): String? = refreshedChocolate.value ?: chocolateFlow.firstOrNull() |
There was a problem hiding this comment.
Use updated credentials after relogin
Once refreshedChocolate is populated, currentChocolate() never observes chocolateFlow again. The account repository keeps the existing VVO data source for the account while relogin writes a new credential to the same credential flow, so after an expired cookie path caches the stale value, relogin can update storage but this VVOService will keep sending the old cookie until the app recreates the service. In that expired-cookie/relogin scenario, VVO requests continue to fail even though the user has just supplied a valid cookie.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 435f48516a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
|
||
| private fun String.toSetCookiePairOrNull(): Pair<String, String>? { | ||
| val cookie = substringBefore(';').toCookiePairOrNull() ?: return null | ||
| return cookie.takeUnless { isExpiredSetCookie() } |
There was a problem hiding this comment.
Remove cookies when Set-Cookie expires them
When the refresh response clears a cookie with Max-Age=0 or an expired Expires, this drops that Set-Cookie entry entirely. Because mergeVvoCookieHeader starts from the existing currentCookieHeader, ignoring the expired entry leaves the old cookie in the merged header, so later VVO requests can keep sending credentials that the server explicitly revoked during rotation or logout; the merge should delete that cookie key instead of skipping it.
Useful? React with 👍 / 👎.
No description provided.