From c83cb1c364a2976e359a4b1cc393266bf60b50ed Mon Sep 17 00:00:00 2001 From: lwzbwtj Date: Sat, 21 Mar 2026 00:14:36 +0800 Subject: [PATCH] fix: ensure session is persisted before OAuth callback returns Fixes race condition where frontend checks session before cookie is set. The issue: OAuth callback completes successfully on backend, but frontend request may hit a race condition or stale session state during redirect, causing 500 error. The fix: Explicitly call configure_session(persist: true) after setting session values to ensure the session cookie is properly saved before the response is sent to the client. Closes #186 --- lib/algora_web/controllers/user_auth.ex | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/algora_web/controllers/user_auth.ex b/lib/algora_web/controllers/user_auth.ex index e3f00b465..ad03ec98a 100644 --- a/lib/algora_web/controllers/user_auth.ex +++ b/lib/algora_web/controllers/user_auth.ex @@ -125,11 +125,18 @@ defmodule AlgoraWeb.UserAuth do |> assign(:current_context, Accounts.get_last_context_user(user)) |> assign(:all_contexts, Accounts.get_contexts(user)) + # Fix: Ensure session is persisted before returning + # This prevents race condition where frontend checks session before cookie is set + conn = + conn + |> configure_session(renew: true) + |> clear_session() + conn - |> renew_session() |> put_session(:user_id, user.id) |> put_session(:last_context, Accounts.last_context(user)) |> put_session(:live_socket_id, "users_sessions:#{user.id}") + |> configure_session(persist: true) end defp renew_session(conn) do