FEAT: Enhance authentication session management with configurable cookie domain and improved token refresh logic

composables/useCustomAuth.ts

@@ -16,14 +16,20 @@ export const useCustomAuth = () => {
   const authenticated = ref(false)
   const loading = ref(true)
   const refreshing = ref(false)
+  const retryCount = ref(0)
+  const maxRetries = 3
 
-  // Check authentication status
-  const checkAuth = async () => {
+  // Check authentication status with retry logic
+  const checkAuth = async (skipRetry = false) => {
     try {
       loading.value = true
-      const data = await $fetch<AuthState>('/api/auth/session')
+      const data = await $fetch<AuthState>('/api/auth/session', {
+        retry: skipRetry ? 0 : 2,
+        retryDelay: 1000
+      })
       user.value = data.user
       authenticated.value = data.authenticated
+      retryCount.value = 0 // Reset retry count on success
       
       console.log('[CUSTOM_AUTH] Session check result:', {
         authenticated: data.authenticated,
@@ -31,6 +37,17 @@ export const useCustomAuth = () => {
       })
     } catch (error) {
       console.error('[CUSTOM_AUTH] Session check failed:', error)
+      
+      // If it's a network error and we haven't exceeded retry limit, try refresh
+      if (!skipRetry && retryCount.value < maxRetries && (error as any)?.status >= 500) {
+        retryCount.value++
+        console.log(`[CUSTOM_AUTH] Retrying session check (${retryCount.value}/${maxRetries})...`)
+        
+        // Wait a bit before retrying
+        await new Promise(resolve => setTimeout(resolve, 1000 * retryCount.value))
+        return checkAuth(false)
+      }
+      
       user.value = null
       authenticated.value = false
     } finally {
@@ -38,7 +55,7 @@ export const useCustomAuth = () => {
     }
   }
 
-  // Refresh token
+  // Refresh token with better error handling
   const refreshToken = async () => {
     if (refreshing.value) return false
 
@@ -46,22 +63,33 @@ export const useCustomAuth = () => {
       refreshing.value = true
       console.log('[CUSTOM_AUTH] Attempting token refresh...')
       
-      const response = await $fetch<{ success: boolean }>('/api/auth/refresh', {
-        method: 'POST'
+      const response = await $fetch<{ success: boolean; expiresAt?: number }>('/api/auth/refresh', {
+        method: 'POST',
+        retry: 2,
+        retryDelay: 1000
       })
 
       if (response.success) {
         console.log('[CUSTOM_AUTH] Token refresh successful')
-        await checkAuth() // Re-check auth state after refresh
+        await checkAuth(true) // Re-check auth state after refresh, skip retry to avoid loops
         return true
       }
       
       return false
     } catch (error) {
       console.error('[CUSTOM_AUTH] Token refresh failed:', error)
-      // Clear auth state on refresh failure
-      user.value = null
-      authenticated.value = false
+      
+      // Check if it's a 401 (invalid refresh token) vs other errors
+      if ((error as any)?.status === 401) {
+        console.log('[CUSTOM_AUTH] Refresh token invalid, clearing auth state')
+        user.value = null
+        authenticated.value = false
+        return false
+      }
+      
+      // For other errors (network issues, 502, etc.), don't clear auth state immediately
+      // The auto-refresh plugin will handle retries
+      console.log('[CUSTOM_AUTH] Network error during refresh, keeping auth state')
       return false
     } finally {
       refreshing.value = false