diff --git a/src/app/client-login/page.tsx b/src/app/client-login/page.tsx index d309f9e..4c4a63c 100644 --- a/src/app/client-login/page.tsx +++ b/src/app/client-login/page.tsx @@ -33,20 +33,14 @@ export default function ClientLoginPage() { return; } - // Hydrate Supabase client with the session from the API response so - // AuthContext picks it up immediately and the next render of - // /contributor sees an authenticated user (no flash of logged-out - // state, no race against cookie propagation). - if (data.session?.access_token && data.session?.refresh_token) { - await supabase.auth.setSession({ - access_token: data.session.access_token, - refresh_token: data.session.refresh_token, - }); - } - - // Redirect to contributor dashboard (fresh session in AuthContext) - router.push('/contributor'); - router.refresh(); + // The wp-login API has already set the supabase session cookie via + // its NextResponse. Do a HARD reload to /contributor so the server + // re-renders with that cookie and the browser supabase client + // boots up reading it from document.cookie. Avoids the cookie-flag + // mismatch that happens if we try to setSession() client-side + // (browser client writes Secure;SameSite=None, server writes + // SameSite=Lax — they conflict). + window.location.href = '/contributor'; } catch (err: any) { setError(err.message || 'An error occurred'); console.error('Login exception:', err);