[BUG] No global 401 handling — expired session strands the user on a broken page #137

Description

@martian56

Summary

There is no global 401 handling. When a cookie session expires mid-session, individual service calls reject but AuthContext is never notified — isAuthenticated stays true, no redirect to /login occurs, and the user is stranded on a protected page where every data fetch fails.

Severity

Medium

Affected code

  • ui/src/api/client.ts:108-114 — response interceptor never inspects error.response?.status; no 401 handling anywhere.
  • ui/src/services/authService.ts:39-46 — getMe only runs once on mount (AuthContext), so expiry is never detected afterward.

Impact

After session expiry the app keeps rendering protected pages with every request failing; the user must manually reload or log out.

Suggested fix

In the response interceptor, detect error.response?.status === 401 and trigger logout/redirect-to-login (e.g. dispatch an event the AuthProvider listens for, then navigate to /login). Coordinate with the interceptor-error-shape fix so status remains available.
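
One way the suggested fix could look, as an added example that is not code from this repository: a rejection handler for the response interceptor that reads `error.response?.status`, notifies subscribers once on 401 even when several requests fail together, and re-rejects the original error so its status stays available. All function names are hypothetical, and the stand-in for AuthProvider only models the state change and the redirect.

```typescript
// Added example, not the project's code. Every name below is hypothetical.
type Listener = () => void;
const listeners = new Set<Listener>();
let sessionExpired = false; // latch: many parallel 401s produce one notification

/** AuthProvider subscribes here and calls the returned function on cleanup. */
function onSessionExpired(listener: Listener): () => void {
  listeners.add(listener);
  return () => { listeners.delete(listener); };
}

/** Call after a successful login so a later expiry is reported again. */
function markLoggedIn(): void {
  sessionExpired = false;
}

/** Reads error.response?.status without assuming the error's shape. */
function statusOf(error: unknown): number | undefined {
  if (typeof error !== "object" || error === null) return undefined;
  const response = (error as { response?: { status?: unknown } }).response;
  return typeof response?.status === "number" ? response.status : undefined;
}

/** Rejection handler to register on the client's response interceptor. */
function handleResponseError(error: unknown): Promise<never> {
  if (statusOf(error) === 401 && !sessionExpired) {
    sessionExpired = true;
    listeners.forEach((notify) => notify());
  }
  // Re-reject the original error so callers still see its status.
  return Promise.reject(error);
}

/** Stand-in for AuthProvider: clears auth state and redirects to /login. */
function createAuthState(navigate: (path: string) => void) {
  const state = { isAuthenticated: true };
  const unsubscribe = onSessionExpired(() => {
    state.isAuthenticated = false;
    navigate("/login");
  });
  return { state, unsubscribe };
}
```

The latch matters because a protected page usually fires several requests at once; without it each failing request would trigger its own logout and redirect.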

Labels: UI, bug