From 6985be65d7cebfaa0dcd680a461b1f0a5200ab2a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 11 May 2026 03:06:56 +0000
Subject: [PATCH] fix: add sessionStorage backup to prevent mobile add-account
 redirect loop

Agent-Logs-Url: https://github.com/WeWriteApp/WeWrite/sessions/c77ef93d-f613-41f5-9b66-57cf17616c00

Co-authored-by: sirjamesgray <16139439+sirjamesgray@users.noreply.github.com>
---
 app/components/forms/login-form.tsx         | 17 ++++++++++++++++-
 app/components/layout/MobileAccountMenu.tsx |  5 +++++
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/app/components/forms/login-form.tsx b/app/components/forms/login-form.tsx
index e9d09abf..f7453aae 100644
--- a/app/components/forms/login-form.tsx
+++ b/app/components/forms/login-form.tsx
@@ -140,13 +140,28 @@ export function LoginForm() {
     setWarning('');
   }, []);
 
+  // Clear the sessionStorage adding-account flag when leaving the login page so
+  // it does not persist across unrelated future visits.
+  useEffect(() => {
+    return () => {
+      try { sessionStorage.removeItem('wewrite_adding_account'); } catch { /* ignore */ }
+    };
+  }, []);
+
   // Redirect if already authenticated (but not when adding another account)
   useEffect(() => {
     // searchParams can be null before Next.js resolves the URL; hasSearchParam
     // also checks window.location as a fallback so we never accidentally redirect
     // away when the user is in the middle of an add-another-account flow.
     const urlHasSwitchAccount = hasSearchParam(searchParams, 'switchAccount');
-    if (!authLoading && isAuthenticated && !urlHasSwitchAccount) {
+    // Also check sessionStorage as a backup — set by MobileAccountMenu before
+    // navigating here. This covers iOS PWA and other mobile environments where
+    // window.location.href may behave as a soft navigation and the URL param is
+    // not yet detectable at the moment the redirect guard first fires.
+    const sessionHasAddingAccount = (() => {
+      try { return sessionStorage.getItem('wewrite_adding_account') === '1'; } catch { return false; }
+    })();
+    if (!authLoading && isAuthenticated && !urlHasSwitchAccount && !sessionHasAddingAccount) {
       router.push('/home');
     }
   }, [isAuthenticated, authLoading, router, searchParams]);
diff --git a/app/components/layout/MobileAccountMenu.tsx b/app/components/layout/MobileAccountMenu.tsx
index 96910852..3569040d 100644
--- a/app/components/layout/MobileAccountMenu.tsx
+++ b/app/components/layout/MobileAccountMenu.tsx
@@ -131,6 +131,11 @@ export default function MobileAccountMenu() {
     event.preventDefault();
     event.stopPropagation();
     setIsOpen(false);
+    // Set a sessionStorage flag BEFORE navigating so the login page's redirect
+    // guard has a reliable backup signal even if the URL param check fails (e.g.
+    // on iOS PWA where window.location.href may behave as a soft navigation and
+    // useSearchParams can be stale at the moment the guard first fires).
+    try { sessionStorage.setItem('wewrite_adding_account', '1'); } catch { /* ignore */ }
     // Use window.location.href instead of router.push so the page performs a
     // full reload. With router.push (client-side nav) the AuthProvider is
     // already settled (isLoading=false, isAuthenticated=true) and the login