From 3d71296f7b32d8cc472b5cd0967276cdb4fde799 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yusufhan=20Sa=C3=A7ak?= <yusufhansacak@icloud.com>
Date: Sat, 7 Feb 2026 12:20:20 +0300
Subject: [PATCH 1/2] fix: clear stale session cache and detect login redirects
 (#323)

- Factory: clear FactorySessionStore when cached cookies fail auth (401/403), preventing stale account data after account switches
- Amp: detect login page redirects in RedirectDiagnostics and abort early, avoiding infinite redirect loops on invalid sessions
---
 .../Providers/Amp/AmpUsageFetcher.swift       | 20 +++++++++++++++++++
 .../Factory/FactoryStatusProbe.swift          |  1 +
 2 files changed, 21 insertions(+)

diff --git a/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift b/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift
index 02b52ccad..49a3ca259 100644
--- a/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift
@@ -293,6 +293,16 @@ public struct AmpUsageFetcher: Sendable {
             let from = response.url?.absoluteString ?? "unknown"
             let to = request.url?.absoluteString ?? "unknown"
             self.redirects.append("\(response.statusCode) \(from) -> \(to)")
+
+            // Detect login redirect - indicates invalid session
+            if let toURL = request.url, self.isLoginRedirect(toURL) {
+                if let logger {
+                    logger("[amp] Detected login redirect, aborting (invalid session)")
+                }
+                completionHandler(nil)
+                return
+            }
+
             var updated = request
             if AmpUsageFetcher.shouldAttachCookie(to: request.url), !self.cookieHeader.isEmpty {
                 updated.setValue(self.cookieHeader, forHTTPHeaderField: "Cookie")
@@ -307,6 +317,16 @@ public struct AmpUsageFetcher: Sendable {
             }
             completionHandler(updated)
         }
+
+        private func isLoginRedirect(_ url: URL) -> Bool {
+            let path = url.path.lowercased()
+            let query = url.query?.lowercased() ?? ""
+            return path.contains("/login") ||
+                   path.contains("/signin") ||
+                   path.contains("/sign-in") ||
+                   query.contains("login") ||
+                   query.contains("signin")
+        }
     }
 
     private struct ResponseInfo: Sendable {
diff --git a/Sources/CodexBarCore/Providers/Factory/FactoryStatusProbe.swift b/Sources/CodexBarCore/Providers/Factory/FactoryStatusProbe.swift
index b4994a1d1..4de985db6 100644
--- a/Sources/CodexBarCore/Providers/Factory/FactoryStatusProbe.swift
+++ b/Sources/CodexBarCore/Providers/Factory/FactoryStatusProbe.swift
@@ -651,6 +651,7 @@ public struct FactoryStatusProbe: Sendable {
             } catch {
                 if case FactoryStatusProbeError.notLoggedIn = error {
                     CookieHeaderCache.clear(provider: .factory)
+                    await FactorySessionStore.shared.clearSession()
                 }
                 lastError = error
             }

From 25908928a3db574bc2b1073204f8de3d77d512e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yusufhan=20Sa=C3=A7ak?= <yusufhansacak@icloud.com>
Date: Sat, 7 Feb 2026 12:31:33 +0300
Subject: [PATCH 2/2] Fix #323: clear stale session cache and handle login
 redirects

- Factory: clear FactorySessionStore alongside CookieHeaderCache when cached cookies fail authentication, preventing stale account data after account switches
- Amp: detect login-page redirects and abort early to avoid redirect loops
- Amp: return invalidCredentials on login redirect instead of generic HTTP 302 errors for clearer UX
---
 Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift b/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift
index 49a3ca259..b8c456a82 100644
--- a/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift
+++ b/Sources/CodexBarCore/Providers/Amp/AmpUsageFetcher.swift
@@ -261,6 +261,9 @@ public struct AmpUsageFetcher: Sendable {
             if httpResponse.statusCode == 401 || httpResponse.statusCode == 403 {
                 throw AmpUsageError.invalidCredentials
             }
+            if diagnostics.detectedLoginRedirect {
+                throw AmpUsageError.invalidCredentials
+            }
             throw AmpUsageError.networkError("HTTP \(httpResponse.statusCode)")
         }
 
@@ -277,6 +280,7 @@ public struct AmpUsageFetcher: Sendable {
         private let cookieHeader: String
         private let logger: ((String) -> Void)?
         var redirects: [String] = []
+        private(set) var detectedLoginRedirect = false
 
         init(cookieHeader: String, logger: ((String) -> Void)?) {
             self.cookieHeader = cookieHeader
@@ -299,6 +303,7 @@ public struct AmpUsageFetcher: Sendable {
                 if let logger {
                     logger("[amp] Detected login redirect, aborting (invalid session)")
                 }
+                self.detectedLoginRedirect = true
                 completionHandler(nil)
                 return
             }