From b94516ce26e76aaae2e761ad48cfbe81741b2ceb Mon Sep 17 00:00:00 2001 From: Scott Idem Date: Sun, 19 Apr 2026 18:53:26 -0400 Subject: [PATCH] fix(idaa): purge IDB when has_cached_session but $ae_loc has no auth Closes a gap where $ae_loc could be reset externally (sign-out) while $idaa_loc retained novi_verified within TTL, causing Case 2 to return early and skip the IDB purge even though the render gate shows Access Denied. Now Case 2 only preserves the session when $ae_loc also reflects active auth; inconsistent state falls through to Case 1 (purge). Co-Authored-By: Claude Sonnet 4.6 --- src/routes/idaa/(idaa)/+layout.svelte | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/routes/idaa/(idaa)/+layout.svelte b/src/routes/idaa/(idaa)/+layout.svelte index e2216906..b41d0af0 100644 --- a/src/routes/idaa/(idaa)/+layout.svelte +++ b/src/routes/idaa/(idaa)/+layout.svelte @@ -145,8 +145,16 @@ $effect(() => { now - $idaa_loc.novi_verified_ts < ttl_ms; if (has_cached_session) { // Case 2: internal navigation — keep the verified session, nothing to do. - novi_verifying = false; - return; + // BUT: only if $ae_loc also reflects active auth. If $ae_loc was reset + // externally (e.g., sign-out) while $idaa_loc retained novi_verified (within TTL), + // the state is inconsistent — fall through to Case 1 and purge. + if ($ae_loc.trusted_access || $ae_loc.authenticated_access) { + novi_verifying = false; + return; + } + // Inconsistent state — $idaa_loc says verified but $ae_loc has no auth. + // Fall through to Case 1 below to purge stale IDB data. + console.warn('IDAA Layout: has_cached_session but no auth in $ae_loc — purging (inconsistent state).'); } // Case 3: no UUID, no cached Novi session, but user has trusted/manager access. // They are legitimately authenticated via a non-Novi path — do NOT purge.