From e7cb31c68565f5a570c62e17c34c2daa28de6e5e Mon Sep 17 00:00:00 2001 From: Alex Kim Date: Mon, 1 Jun 2026 00:53:10 +1000 Subject: [PATCH] fix(auth): clear stored user on logout to prevent empty home on relaunch On logout, only the token was removed from MMKV while the user JSON was left behind. On next app launch, initialUser rehydrated userAtom from the stale storage while apiAtom was correctly null, so useProtectedRoute treated the session as authenticated and the user landed on an empty (auth)/(tabs)/(home) instead of /login. - Remove "user" from storage in logoutMutation alongside "token". - Make initialUser defensive: return null when no token is present so the user/api atoms stay consistent and any pre-existing stale state self-corrects on next launch. --- providers/JellyfinProvider.tsx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/providers/JellyfinProvider.tsx b/providers/JellyfinProvider.tsx index e6f9853ae..8608222b8 100644 --- a/providers/JellyfinProvider.tsx +++ b/providers/JellyfinProvider.tsx @@ -69,6 +69,13 @@ const initialApi = (() => { const initialUser = (() => { try { + // Only return a stored user if we also have a token. Otherwise the + // user atom would be populated while the api atom is null (e.g. after + // a logout that left stale user JSON in storage), which causes + // useProtectedRoute to keep us inside the (auth) group instead of + // redirecting to /login. + const token = storage.getString("token"); + if (!token) return null; const userStr = storage.getString("user"); if (userStr) { return JSON.parse(userStr) as UserDto; @@ -402,6 +409,7 @@ export const JellyfinProvider: React.FC<{ children: ReactNode }> = ({ ); storage.remove("token"); + storage.remove("user"); clearTVDiscoverySafely(); setUser(null); setApi(null);