feat: Address 404 errors and session management issues, improve authorization middleware to use cached auth state, and adjust auth refresh plugin for better session validation

2025-07-11 15:05:59 -04:00
parent 7ee2cb3368
commit eb1d853327
4 changed files with 100 additions and 29 deletions

@@ -4,6 +4,7 @@
1. **404 Error on Expenses Page** - The expenses page was returning a 404 error
2. **Session Expiration After 404** - Users were getting logged out after encountering the 404 error
3. **Immediate Session Expiration** - Users were getting logged out immediately after logging in
## Root Cause Analysis
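Review bot: the new item 3, "Immediate Session Expiration", lacks the reproduction condition that items 1 and 2 give (the 404 page): state what the user did when the logout occurred (e.g. right after login, on navigating to which page) so the later root-cause and testing sections can be matched against it.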
@@ -16,6 +17,11 @@
- The authentication middleware was incorrectly clearing the session cache on ALL errors (including 404s)
- This caused a valid session to be invalidated when encountering any page error
### Immediate Logout Cause
- The authorization middleware was making its own API call, bypassing the session cache
- The auth refresh plugin's 2-minute periodic validation was conflicting with the 3-minute session cache
- Multiple concurrent session checks were causing race conditions
## Fixes Implemented
### 1. Fixed Expenses Page Metadata
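Review bot: the three bullets under "Immediate Logout Cause" assert a conflict and a race but do not describe the failing sequence; the fix cannot be judged from "was conflicting with the 3-minute session cache" alone. Suggest spelling out which check wrote which state (for example, the periodic validation result overwriting a newer cached auth state, or two in-flight checks where the older response cleared the cache), since that is what the 5-minute interval and the cached-state change in sections 5 and 6 are supposed to address.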
@@ -76,6 +82,29 @@ Created a full dashboard layout with:
- App bar showing user info and role badges
- Proper logout functionality
- Responsive design with rail mode
- Safe auth state access to prevent initialization errors
### 5. Fixed Authorization Middleware
**File**: `middleware/authorization.ts`
Updated to use cached auth state instead of making API calls:
```javascript
// Get auth state from authentication middleware (already cached)
const nuxtApp = useNuxtApp();
const authState = nuxtApp.payload?.data?.authState;
```
This prevents:
- Duplicate API calls
- Race conditions between middlewares
- Session cache conflicts
### 6. Adjusted Auth Refresh Plugin
**File**: `plugins/01.auth-refresh.client.ts`
- Changed periodic validation from 2 to 5 minutes to avoid conflicts with 3-minute cache
- Added failure counting - only logs out after 3 consecutive failures
- Increased random offset to prevent thundering herd
## Expected Results
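Review bot: in section 5 the snippet `const authState = nuxtApp.payload?.data?.authState;` yields `undefined` whenever the authentication middleware has not populated it, and the hunk does not say what the authorization middleware does in that case; document that it fails closed (missing state is treated as unauthenticated and redirected rather than allowed through) and that middleware ordering guarantees the authentication middleware runs first. Because this replaces the authorization middleware's own API call, also state that this is client-side route gating only and that the API continues to enforce role checks on every request. In section 6, "only logs out after 3 consecutive failures" combined with the 5-minute interval means a session revoked server-side can remain usable in the client for up to 15 minutes; that trade-off belongs in the doc.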
@@ -83,6 +112,8 @@ Created a full dashboard layout with:
2. **404 errors won't cause session expiration** - only actual authentication failures (401) will clear the session
3. **Better error handling** - 403 errors (insufficient permissions) will redirect to dashboard with a message instead of logging out
4. **Consistent layout** across all dashboard pages
5. **No immediate logout** - Session checks are properly coordinated and cached
6. **Stable session management** - No conflicts between different auth checking mechanisms
## Testing Steps
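Review bot: expected results 2 and 3 make three distinct claims (404 leaves the session intact, only 401 clears it, 403 redirects to the dashboard with a message), and the Testing Steps that follow should contain one check for each, including the negative case that a 401 still logs the user out, so the "ALL errors" regression named in the root-cause section cannot silently return.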
@@ -95,6 +126,18 @@ Created a full dashboard layout with:
## Additional Improvements
- The authorization middleware now stores error messages that are displayed via toast
- The dashboard layout shows the current user and their role
- The authorization middleware uses cached auth state instead of making API calls
- The dashboard layout shows the current user and their role with safe access patterns
- Navigation menu dynamically shows/hides items based on user roles
- Session validation continues to work with the 3-minute cache + jitter to prevent race conditions
- Auth refresh plugin runs validation every 5 minutes to avoid cache conflicts
- Multiple failure tolerance prevents transient issues from logging users out
## Timing Configuration Summary
- **Session Cache**: 3 minutes (with 0-10 second jitter)
- **Auth Refresh Validation**: Every 5 minutes (with 0-10 second offset)
- **Token Refresh**: 5 minutes before token expiry
- **Failure Tolerance**: 3 consecutive failures before logout
This configuration ensures no timing conflicts between different auth mechanisms.
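Review bot: under "Additional Improvements" the bullets "The dashboard layout shows the current user and their role" and "The dashboard layout shows the current user and their role with safe access patterns" are near-duplicates; keep the second and drop the first. The closing sentence "This configuration ensures no timing conflicts" overstates what the summary shows: a 3-minute cache and a 5-minute validation still coincide at 15-minute boundaries (jitter only reduces how often they overlap), and "3 consecutive failures before logout" means an invalid session is detected after roughly 15 minutes in the worst case; suggest "reduces" rather than "ensures", and add the assumed token lifetime, since "5 minutes before token expiry" is only meaningful relative to it.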