fix(cortex-tui): remove expired token to prevent 'Already Logged In' dialog

factorydroid · factorydroid · commit be57e186415e · 2026-01-27T13:06:07.000Z
When a session expires, the credentials remain in storage which causes
the 'Already Logged In' dialog to appear incorrectly. This fix ensures
that expired credentials are deleted when detected, so users won't be
treated as logged in when their session has actually expired.

Changes:
- In start_login_flow: Delete stale credentials when session is expired
- In run_direct_provider: Delete stale credentials on token expiration
- In run_direct_provider: Delete invalidated credentials when server
  rejects the authentication

Fixes the issue where users see 'Already Logged In' even though their
session has expired.
diff --git a/cortex-tui/src/runner/app_runner.rs b/cortex-tui/src/runner/app_runner.rs
@@ -52,7 +52,7 @@ use crate::session::CortexSession;
 
 use anyhow::Result;
 use cortex_engine::Config;
-use cortex_login::{CredentialsStoreMode, load_auth};
+use cortex_login::{CredentialsStoreMode, load_auth, logout_with_fallback};
 use cortex_protocol::ConversationId;
 use std::path::PathBuf;
 use tracing;
@@ -487,7 +487,11 @@ impl AppRunner {
                 AuthStatus::Authenticated
             }
             Ok(Some(_)) => {
-                // Token expired
+                // Token expired - delete stale credentials so user doesn't appear as "logged in"
+                tracing::info!("Token expired, removing stale credentials");
+                if let Err(e) = logout_with_fallback(&cortex_home) {
+                    tracing::warn!("Failed to remove expired credentials: {}", e);
+                }
                 AuthStatus::Expired
             }
             Ok(None) => {
@@ -524,6 +528,10 @@ impl AppRunner {
                     tracing::warn!(
                         "Server rejected authentication - session may have been revoked"
                     );
+                    // Delete the invalidated credentials
+                    if let Err(e) = logout_with_fallback(&cortex_home) {
+                        tracing::warn!("Failed to remove invalidated credentials: {}", e);
+                    }
                     auth_status = AuthStatus::Expired;
                 }
                 Err(e) => {
diff --git a/cortex-tui/src/runner/event_loop.rs b/cortex-tui/src/runner/event_loop.rs
@@ -4692,7 +4692,7 @@ impl EventLoop {
         use crate::interactive::builders::{
             LoginFlowState, build_already_logged_in_selector, build_login_selector,
         };
-        use cortex_login::{CredentialsStoreMode, load_auth};
+        use cortex_login::{CredentialsStoreMode, load_auth, logout_with_fallback};
 
         // Get cortex home directory
         let cortex_home = match dirs::home_dir() {
@@ -4709,6 +4709,12 @@ impl EventLoop {
                 let interactive = build_already_logged_in_selector();
                 self.app_state.enter_interactive_mode(interactive);
                 return;
+            } else {
+                // Session is expired - delete the expired token so user won't appear as "logged in"
+                tracing::info!("Detected expired session, removing stale credentials");
+                if let Err(e) = logout_with_fallback(&cortex_home) {
+                    tracing::warn!("Failed to remove expired credentials: {}", e);
+                }
             }
         }
 
