From c5db169441fd9e693779c0bfdc810a112fdf8da0 Mon Sep 17 00:00:00 2001
From: CanbiZ <47820557+MickLesk@users.noreply.github.com>
Date: Fri, 28 Nov 2025 13:34:51 +0100
Subject: [PATCH] Fix login race condition: don't call checkAuth after successful login
---
 src/app/_components/AuthProvider.tsx | 20 ++++++++++----------
 src/app/api/auth/login/route.ts | 6 +++++-
 2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/src/app/_components/AuthProvider.tsx b/src/app/_components/AuthProvider.tsx
index 76e81fc..0888081 100644
--- a/src/app/_components/AuthProvider.tsx
+++ b/src/app/_components/AuthProvider.tsx
@@ -97,7 +97,6 @@ export function AuthProvider({ children }: AuthProviderProps) {
 const checkAuth = useCallback(() => {
 return checkAuthInternal(0);
-
 }, []);
 const login = async (
@@ -115,17 +114,18 @@ export function AuthProvider({ children }: AuthProviderProps) {
 });
 if (response.ok) {
- const data = (await response.json()) as { username: string };
+ const data = (await response.json()) as {
+ username: string;
+ expirationTime?: number;
+ };
 setIsAuthenticated(true);
 setUsername(data.username);
-
- // Check auth again to get expiration time
- // Add a small delay to ensure the httpOnly cookie is available
- await new Promise((resolve) => {
- setTimeout(() => {
- void checkAuth().then(() => resolve());
- }, 150);
- });
+ // Set expiration time from login response if available
+ if (data.expirationTime) {
+ setExpirationTime(data.expirationTime);
+ }
+ // Don't call checkAuth after login - we already know we're authenticated
+ // The cookie is set by the server response
 return true;
 } else {
 const errorData = await response.json();
diff --git a/src/app/api/auth/login/route.ts b/src/app/api/auth/login/route.ts
index 9f11a49..dd65a73 100644
--- a/src/app/api/auth/login/route.ts
+++ b/src/app/api/auth/login/route.ts
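Review bot: In the second AuthProvider.tsx hunk, `login()` now sets `isAuthenticated` from the response body alone, and that body is only type-asserted with `as`, never checked at runtime. The truthiness test should become `if (typeof data.expirationTime === 'number' && Number.isFinite(data.expirationTime)) {` so a malformed or unexpected value cannot reach `setExpirationTime`. With the follow-up `checkAuth()` removed, nothing on the client confirms that the browser actually stored the httpOnly cookie, so the new comment "The cookie is set by the server response" states an assumption rather than something the code verifies. I would reword it to `// UI hint only: the server validates the session cookie on every request; a later 401 must reset isAuthenticated`, and confirm that the 401 path exists, since it is not visible in this hunk. The body of `login` starts and ends outside the hunk.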
@@ -41,10 +41,14 @@ export async function POST(request: NextRequest) {
 const sessionDurationDays = authConfig.sessionDurationDays;
 const token = generateToken(username, sessionDurationDays);
+ // Calculate expiration time for client
+ const expirationTime = Date.now() + (sessionDurationDays * 24 * 60 * 60 * 1000);
+
 const response = NextResponse.json({
 success: true,
 message: 'Login successful',
- username
+ username,
+ expirationTime
 });
 // Determine if request is over HTTPS
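Review bot: `expirationTime` is derived from a fresh `Date.now()` instead of from the token that `generateToken(username, sessionDurationDays)` has just issued, so the expiry reported to the client is a second, independent calculation. The token's own expiry and the cookie lifetime are set outside this hunk, so whether the three agree cannot be checked here. Preferably `generateToken` would return its expiry, or the token's expiry claim would be read back, so there is a single source of truth. At minimum the comment should read `// Advisory value for the client UI only; token verification on the server remains the authority on session expiry`. If `sessionDurationDays` can ever be missing or non-numeric, the result is `NaN`, which `NextResponse.json` would serialise as `null`; a guard such as `Number.isFinite(expirationTime) ? expirationTime : undefined` keeps the field well-typed. The body of `POST` continues outside the hunk.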