client: skip vault sign-out broadcast when nothing existed#70
Merged
Conversation
confirmSignOut called ensureVaultId() (minting variant) at the top. On a fresh tab where the user clicks Sign Out without ever having signed in, that minted a vault_id just to delete it on the next line — and worse, _broadcastSignedOut still fired, telling sibling tabs (which may have an active unrelated vault session) to invalidate caches and tear down their panes for nothing. Fix: use ensureVaultIdIfPresent(); record `preexisting` and gate _broadcastSignedOut + _disconnectAllVaultPanesForNoKey + invalidateVaultCache + _vaultRecentlySignedOut on it. Local wipes (IDB delete, saved-card list, sessionStorage, pane manifest) still run unconditionally as defensive cleanup. Toast message softens to "No saved credentials in this browser to remove" on the empty path. Tests: two regressions — empty-vault path asserts no broadcast, no minted vault_id, and the sign-out flag stays clear; populated-vault path asserts the broadcast still fires (counter-test for the gate).
This was referenced May 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
confirmSignOutcalledensureVaultId()(the minting variant) at the top. On a fresh tab where the user clicks Sign Out without ever having signed in, that minted a freshvault_idjust to delete it on the next line — and worse,_broadcastSignedOutstill fired unconditionally, telling sibling tabs (which may have a live unrelated vault session) to invalidate caches, tear down their panes, and set_vaultRecentlySignedOut(blocking any subsequent saves until they hitdoConnect).User-visible impact: open one tab with an active vault session, open a second clean tab, click Sign Out on the second tab → the first tab's vault panes drop with "Vault key missing" and the next save attempt silently bails.
Fix
Switch to the non-minting
ensureVaultIdIfPresent(). Recordpreexisting(truthy iff there was actually a vault to sign out of) and gate the four broadcast-shaped side-effects on it:_disconnectAllVaultPanesForNoKey()invalidateVaultCache()_vaultRecentlySignedOut = true_broadcastSignedOut()Local-only cleanup (
_idbDeleteof K + vault_id,saveSaved([]),sessionStorage.removeItem, pane manifest filter) still runs unconditionally as defensive housekeeping — the user did click Sign Out, the local list might have orphan rows from an older session, no reason to skip the scrub.Toast copy softens to "No saved credentials in this browser to remove" on the empty path so the click isn't silently no-op.
Tests
Two regression tests in the same
Vault: Sign out of this browserblock:sign out: empty-vault path does NOT mint vault_id or broadcast— fresh tab, noensureVaultIdcalls, click Sign Out, assertbroadcasts === 0(BroadcastChannel.postMessagecapture), IDBvault_idstill empty,_vaultRecentlySignedOut === false.sign out: populated-vault path DOES broadcast to siblings— counter-test for the gate: populate vault, click Sign Out, assertbroadcasts === 1and the flag IS set.Test plan
cd tests/frontend && node test_connect.js— 497 / 0python3 test_server.py -q— 420 / 0 (unchanged; client-only fix)Refs #67 (follow-up from holistic review).