Skip to content

Latest commit

 

History

History
8 lines (6 loc) · 706 Bytes

File metadata and controls

8 lines (6 loc) · 706 Bytes
area webapp
type improvement

When an SSO session is revalidated and the IdP reports it invalid, the user is now sent to the login page with a "Your SSO session expired. Please sign in again." notice instead of seeing a raw sso_session_invalidated 401.

Navigations redirect through /logout (clearing the cookie) to /login?reason=session_expired. Programmatic fetches (Remix fetchers, Electric, etc.) get a 401 carrying an x-sso-session-invalidated marker header that a client-side fetch guard turns into the same logout redirect. EventSource streams, which can't read response headers, probe a new lightweight /resources/session-check endpoint on stream error to trigger the redirect.