From b31707661b074beae16005b56d57d4aab627cd59 Mon Sep 17 00:00:00 2001
From: wren <“porlong@qq.com”>
Date: Wed, 29 Apr 2026 18:52:58 +0800
Subject: [PATCH] fix: sync frontend token from server session
---
 app/components/auth/ClientAuthGuard.tsx | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/app/components/auth/ClientAuthGuard.tsx b/app/components/auth/ClientAuthGuard.tsx
index 6000380..f65a715 100644
--- a/app/components/auth/ClientAuthGuard.tsx
+++ b/app/components/auth/ClientAuthGuard.tsx
@@ -31,14 +31,22 @@ export function ClientAuthGuard({ isPublicPath, frontendJWT, userInfo }: ClientA
 return;
 }
- // 优先用服务端 session 回传的数据回填 localStorage,避免刚登录时客户端误判未登录
+ // 优先用服务端 session 回传的数据同步 localStorage。
+ // 不能只在本地没有 token 时才回填,否则本地残留旧 token 会导致:
+ // - SSR 页面可打开(服务端 session 是新的)
+ // - CSR 子页面请求 401(客户端 localStorage 还是旧的)
 const token = localStorage.getItem('access_token');
- if (!token && frontendJWT) {
+ if (frontendJWT && token !== frontendJWT) {
 localStorage.setItem('access_token', frontendJWT);
- if (userInfo) {
- localStorage.setItem('user_info', JSON.stringify(userInfo));
+ console.log('✅ [Auth Guard] 已根据服务端 session 同步最新 access_token');
+ }
+
+ if (userInfo) {
+ const serializedUserInfo = JSON.stringify(userInfo);
+ if (localStorage.getItem('user_info') !== serializedUserInfo) {
+ localStorage.setItem('user_info', serializedUserInfo);
+ console.log('✅ [Auth Guard] 已根据服务端 session 同步最新 user_info');
 }
- console.log('✅ [Auth Guard] 已根据服务端 session 回填本地认证数据');
 }
 const authenticated = isAuthenticated() || !!frontendJWT;
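Review bot: When the new `if (frontendJWT && token !== frontendJWT)` branch replaces a leftover token but `userInfo` is not supplied, the old `user_info` entry stays in localStorage next to the new `access_token`, so the client can end up pairing the previous session's identity with the current session's token. Inside that branch I would clear the stale entry when there is nothing to replace it with: `if (!userInfo) localStorage.removeItem('user_info');`. The now-separate `if (userInfo)` block also writes `user_info` when `frontendJWT` is absent; if that is not intended, guard it as `if (frontendJWT && userInfo) {` so the two keys are only ever updated together. The opposite case is still open as well: with no `frontendJWT` a leftover `access_token` is kept, and `isAuthenticated()` on the last line may still accept it, though that function and the rest of the enclosing effect are outside this hunk.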