Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
How I am reproducing this error: Open Inspect => Application => storage => delete cookies
When I delete cookies and click on any of the links on the application, the request will receive a 401 response but the app won't be redirected to the login page. So, I have added the following code to my HTTP client.
client.interceptors.response.use(null, (error) => {
//added code
if (error.response.status === 401) {
window.location.href = "/";
}
return Promise.reject(error);
});
This will redirect the user to the login page, but instantly it will redirect the user to the dashboard, and again on the dashboard request it will receive 401, then again it will forward the user to the / page, in this way it is sticking in the login page.
My login.jsx
export default function Login() {
...
const { login } = useAuth({
middleware: 'guest',
redirectIfAuthenticated: '/dashboard'
})
...
...
...
}
and, useAuth hook:
export const useAuth = ({middleware, redirectIfAuthenticated} = {}) => {
let navigate = useNavigate();
let params = useParams();
const {data: user, error, mutate} = useSWR('/api/user', () =>
httpClient
.get('/api/user')
.then(res => res.data)
.catch(error => {
if (error.response.status !== 409) throw error
// mutate('/verify-email')
}),
{
revalidateIfStale: false,
revalidateOnFocus: false
}
)
useEffect(() => {
if (middleware === 'guest' && redirectIfAuthenticated && user) navigate(redirectIfAuthenticated)
if (middleware === 'auth' && error) logout()
}, [user, error])
return {
user
}
}
When you cleared the cookies it's expected to return 401 because you're trying to reach a guarded route while your cookies is cleared.
The reason for redirecting to your dashboard instead of login might be because you didn't clear your state inside react itself. If that's the case you react part will act as the user is authenticated.
And clearing the cookies manually, isn't a normal use behavior at all and you shouldn't care about it very much.
@MohamedTammam Thank you for your response. Actually, I was testing by deleting cookies, because on live when the cookies session expired, it was still considering the user as logged in from react side. so, it was redirecting the user to the dashboard. I wasn't considering any react state to check the authUser, it seems all I had to do was revalidate user on focus.
I find the issue, all I had to do is revalidateOnFocus, so once validation is failed, it automatically redirect user to login page
revalidateIfStale: false,
revalidateOnFocus: true
Please or to participate in this conversation.