Skip to content

feat(FR-2189): add concurrent login session guard with force-login support#6174

Open
nowgnuesLee wants to merge 1 commit intomainfrom
feat/FR-2189-concurrent-login-session-guard
Open

feat(FR-2189): add concurrent login session guard with force-login support#6174
nowgnuesLee wants to merge 1 commit intomainfrom
feat/FR-2189-concurrent-login-session-guard

Conversation

@nowgnuesLee
Copy link
Copy Markdown
Contributor

@nowgnuesLee nowgnuesLee commented Mar 26, 2026
edited
Loading

resolves #5711 FR-2189

Summary

  • Handle 409 Conflict responses from POST /server/login when another active session exists
  • Show a centered modal.confirm() dialog allowing users to force-login and terminate existing sessions
  • Add force parameter to client.login() that signals the server to terminate existing sessions
  • Persist force-login approval across retries (e.g., TOTP expiration after force approval) via forceLoginApprovedRef
  • Skip confirm modal during silent re-login attempts (page refresh) — only show for user-initiated login
  • Add i18n keys for EN/KO (login.ConcurrentSessionTitle, login.ConcurrentSessionDetected, login.ProceedLogin)
  • Include spec document for the concurrent login session guard feature

CleanShot 2026-03-30 at 16.43.14@2x.png

Test plan

  • Login with valid credentials when another session is active → confirm modal appears
  • Click "Proceed to Login" → existing session terminated, new login succeeds
  • Click "Cancel" → returns to login form with credentials preserved
  • TOTP + concurrent session: approve force → TOTP expires → re-enter OTP → auto-includes force=true
  • Page refresh does not show concurrent session modal (silent re-login)
  • Verify i18n keys render correctly in EN and KO

🤖 Generated with Claude Code

@github-actions github-actions bot added area:lib Library and SDK related issue. area:ux UI / UX issue. area:i18n Localization size:L 100~500 LoC labels Mar 26, 2026
@nowgnuesLee Graphite App
Copy link
Copy Markdown
Contributor Author

nowgnuesLee commented Mar 26, 2026

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

  • flow:merge-queue - adds this PR to the back of the merge queue
  • flow:hotfix - for urgent changes, fast-track this PR to the front of the merge queue

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has required the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 26, 2026
edited
Loading

Coverage report for ./react

St.
 Category Percentage Covered / Total
🔴 Statements
8.78% (-0.01% 🔻)
 1543/17571
🔴 Branches
7.57% (-0% 🔻)
 930/12282
🔴 Functions
5.68% (-0% 🔻)
 278/4893
🔴 Lines
8.46% (-0.01% 🔻)
 1446/17099

Test suite run success

784 tests passing in 37 suites.

Report generated by 🧪jest coverage report action from dbe304b

@nowgnuesLee nowgnuesLee force-pushed the feat/FR-2189-concurrent-login-session-guard branch 2 times, most recently from 648bcc1 to 3412ed6 Compare March 27, 2026 04:15
@github-actions github-actions bot added size:XL 500~ LoC and removed size:L 100~500 LoC labels Mar 27, 2026
@nowgnuesLee nowgnuesLee force-pushed the feat/FR-2189-concurrent-login-session-guard branch from 3412ed6 to 7fc9981 Compare March 27, 2026 08:39
@nowgnuesLee nowgnuesLee marked this pull request as ready for review March 27, 2026 08:41
Copilot AI review requested due to automatic review settings March 27, 2026 08:41
Copilot AI reviewed Mar 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a user-facing “concurrent login session” guard to the login flow, letting users force-login (terminating existing sessions) when the server rejects login due to an active session, and documenting the intended behavior.

Changes:

  • Extend client.login() to optionally send a force flag and surface 409 Conflict as a distinct error.
  • Handle 409 in LoginView by prompting with a confirm modal and persisting force-approval across retries.
  • Add i18n strings for concurrent-session messaging and include a feature spec document.

Reviewed changes

Copilot reviewed 24 out of 25 changed files in this pull request and generated 22 comments.

Show a summary per file
File Description
src/lib/backend.ai-client-esm.ts Adds force parameter support and 409 Conflict handling for session login.
react/src/components/LoginView.tsx Shows a confirm modal for concurrent sessions and retries login with force=true after user approval.
resources/i18n/en.json Adds concurrent-session strings and “Proceed to Login” label.
resources/i18n/ko.json Adds concurrent-session strings and “ProceedLogin” label.
resources/i18n/de.json Adds concurrent-session title/content translations.
resources/i18n/el.json Adds concurrent-session title/content translations.
resources/i18n/es.json Adds concurrent-session title/content translations.
resources/i18n/fi.json Adds concurrent-session title/content translations.
resources/i18n/fr.json Adds concurrent-session title/content translations.
resources/i18n/id.json Adds concurrent-session title/content translations.
resources/i18n/it.json Adds concurrent-session title/content translations.
resources/i18n/ja.json Adds concurrent-session title/content translations.
resources/i18n/mn.json Adds concurrent-session title/content translations.
resources/i18n/ms.json Adds concurrent-session title/content translations.
resources/i18n/pl.json Adds concurrent-session title/content translations.
resources/i18n/pt.json Adds concurrent-session title/content translations.
resources/i18n/pt-BR.json Adds concurrent-session title/content translations.
resources/i18n/ru.json Adds concurrent-session title/content translations.
resources/i18n/th.json Adds concurrent-session title/content translations.
resources/i18n/tr.json Adds concurrent-session title/content translations.
resources/i18n/vi.json Adds concurrent-session title/content translations.
resources/i18n/zh-CN.json Adds concurrent-session title/content translations.
resources/i18n/zh-TW.json Adds concurrent-session title/content translations.
.specs/draft-concurrent-login-guard/spec.md Adds the feature specification and scenarios/acceptance criteria.

@nowgnuesLee
feat(FR-2189): add concurrent login session guard with force-login su…
dbe304b 
…pport

Handle 409 Conflict responses from the login API when another active
session exists. Shows a confirm modal allowing users to force-login
and terminate existing sessions. Supports TOTP retry scenarios by
persisting force approval across login attempts via ref.
@nowgnuesLee nowgnuesLee force-pushed the feat/FR-2189-concurrent-login-session-guard branch from 7fc9981 to dbe304b Compare March 30, 2026 07:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@agatha197 agatha197 Awaiting requested review from agatha197

@ironAiken2 ironAiken2 Awaiting requested review from ironAiken2

@yomybaby yomybaby Awaiting requested review from yomybaby

At least 1 approving review is required to merge this pull request.

Assignees

@nowgnuesLee nowgnuesLee

Labels

area:i18n Localization area:lib Library and SDK related issue. area:ux UI / UX issue. needs-backend size:XL 500~ LoC

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

WebUI: Implement login session concurrency limit UI

2 participants

@nowgnuesLee