From 6db58fae11631a40d8e1470c6d5dc6775f1e9f74 Mon Sep 17 00:00:00 2001
From: Steven <stevenlgtm@gmail.com>
Date: Mon, 2 Feb 2026 21:45:24 +0800
Subject: [PATCH] fix: prevent private memos from disappearing during token
 refresh (#5565)

Root cause: enabled={isInitialized && !!user} prevented displaying cached
data when user auth state transitioned during token refresh.

Changes:
- Remove !!user check from Home page enabled condition
- Add clearAccessToken() in redirectOnAuthFailure for clean logout

Fixes #5565
---
 web/src/pages/Home.tsx         | 2 +-
 web/src/utils/auth-redirect.ts | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/web/src/pages/Home.tsx b/web/src/pages/Home.tsx
index 417a0cd10..25454771e 100644
--- a/web/src/pages/Home.tsx
+++ b/web/src/pages/Home.tsx
@@ -28,7 +28,7 @@ const Home = () => {
         listSort={listSort}
         orderBy={orderBy}
         filter={memoFilter}
-        enabled={isInitialized && !!user} // Wait for contexts to stabilize before fetching
+        enabled={isInitialized}
       />
     </div>
   );
diff --git a/web/src/utils/auth-redirect.ts b/web/src/utils/auth-redirect.ts
index a670a1b3f..9841c438b 100644
--- a/web/src/utils/auth-redirect.ts
+++ b/web/src/utils/auth-redirect.ts
@@ -1,3 +1,4 @@
+import { clearAccessToken } from "@/auth-state";
 import { getInstanceConfig } from "@/instance-config";
 import { ROUTES } from "@/router/routes";
 
@@ -31,6 +32,10 @@ export function redirectOnAuthFailure(): void {
 
   // Only redirect if it's a private route or disallowPublicVisibility is enabled
   if (disallowPublicVisibility || isPrivateRoute(currentPath)) {
+    // Clear access token to ensure user is fully logged out
+    // This prevents the issue where user appears logged in but sees only public memos
+    // See: https://github.com/usememos/memos/issues/5565
+    clearAccessToken();
     window.location.replace(target);
   }
 }