Clear session organization on sign out or refresh error#110
Merged
Conversation
nicknisi
approved these changes
Jan 14, 2026
mthadley
approved these changes
Jan 14, 2026
Merged
nholden
added a commit
that referenced
this pull request
Jan 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When a developer's app calls
switchToOrganization, we save the organization ID to session storage so that we preserve the selected organization for the current browsing context (aka browser tab). We never explicitly remove that organization from session storage -- either the developer's app callsswitchToOrganizationagain, overriding that value, or the browser session ends.This is a problem when deleting an organization. If the developers' app switches to an organization that is later deleted, all subsequent token refreshes for that browser session will attempt to use the deleted organization's ID, which will cause the user to be logged out.
This PR prevents users from getting stuck with an invalid organization ID in their session storage. When the user signs out or when a token refresh fails, we'll remove the organization ID from session storage.
Before
before.mp4
After
after.mp4