fix(auth): reject expired JWT on session read #2
Backports the JWT-expiry check to session read so an expired token redirects to /login instead of mounting an authed shell that 401s on every call. Frontend audit 2026-06-20, rank 1. Pattern from skyai-finance; cn/type-identical. Also clears the localStorage session in onUnauthorized.
🤖 Generated with Claude Code
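An added example (not the code from this pull request) of the kind of check the description names: on session read, decode the stored JWT's `exp` claim and drop the session when it has passed, so the caller can redirect to /login. The storage key, function names and sample tokens are assumptions constructed for illustration.

```javascript
// Added example: SESSION_KEY, readSession, makeToken, memoryStorage are hypothetical names.
const SESSION_KEY = "session"; // assumed localStorage key

// Decode the JWT payload without verifying the signature. This is a UX gate
// only; the server must still verify signature and expiry on every request.
function decodePayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    return JSON.parse(atob(padded));
  } catch {
    return null; // bad base64 or bad JSON
  }
}

// Return the stored token only if it carries a numeric exp in the future.
// Anything else (missing, malformed, no exp, expired) clears the session so
// the caller redirects to /login instead of mounting the authed shell.
function readSession(storage, nowMs = Date.now()) {
  const token = storage.getItem(SESSION_KEY);
  if (!token) return null;
  const payload = decodePayload(token);
  const exp = payload && payload.exp;
  // RFC 7519: the current time must be before exp, so exp == now is expired.
  if (typeof exp !== "number" || !Number.isFinite(exp) || exp <= nowMs / 1000) {
    storage.removeItem(SESSION_KEY);
    return null;
  }
  return { token, exp };
}

// Constructed sample input: a token with a placeholder signature, and an
// in-memory stand-in for localStorage.
function makeToken(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
function memoryStorage(initial = {}) {
  const m = new Map(Object.entries(initial));
  return { getItem: (k) => (m.has(k) ? m.get(k) : null), removeItem: (k) => m.delete(k) };
}
```

In a browser the call would be `readSession(window.localStorage)`; a `null` result is the signal to redirect to /login.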