From 52e6f562207db74cf3f6d7c6fe29c730f89d9403 Mon Sep 17 00:00:00 2001
From: Alex <111128610+Alexk2309@users.noreply.github.com>
Date: Mon, 1 Jun 2026 05:52:41 +1000
Subject: [PATCH] fix(auth): clear stored user on logout to prevent empty home
 on relaunch (#1622)

---
 providers/JellyfinProvider.tsx | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/providers/JellyfinProvider.tsx b/providers/JellyfinProvider.tsx
index e6f9853ae..8608222b8 100644
--- a/providers/JellyfinProvider.tsx
+++ b/providers/JellyfinProvider.tsx
@@ -69,6 +69,13 @@ const initialApi = (() => {
 
 const initialUser = (() => {
   try {
+    // Only return a stored user if we also have a token. Otherwise the
+    // user atom would be populated while the api atom is null (e.g. after
+    // a logout that left stale user JSON in storage), which causes
+    // useProtectedRoute to keep us inside the (auth) group instead of
+    // redirecting to /login.
+    const token = storage.getString("token");
+    if (!token) return null;
     const userStr = storage.getString("user");
     if (userStr) {
       return JSON.parse(userStr) as UserDto;
@@ -402,6 +409,7 @@ export const JellyfinProvider: React.FC<{ children: ReactNode }> = ({
         );
 
       storage.remove("token");
+      storage.remove("user");
       clearTVDiscoverySafely();
       setUser(null);
       setApi(null);