Cloud/fix cookie timing race

[christian-byrne]

Summary

Changes

• What:
• Breaking:
• Dependencies:

Review Focus

Screenshots (if applicable)

┆Issue is synchronized with this Notion page by Unito

[github-actions]

🎨 Storybook Build Status

✅ Build completed successfully!

⏰ Completed at: 10/30/2025, 03:48:11 AM UTC

🔗 Links

• 📊 View Workflow Run
• 🎨 View Storybook

---

🎉 Your Storybook is ready for review!

[github-actions]

🎭 Playwright Test Results

⚠️ Tests passed with flaky tests

⏰ Completed at: 10/30/2025, 04:00:32 AM UTC

📈 Summary

• Total Tests: 497
• Passed: 462 ✅
• Failed: 0
• Flaky: 5 ⚠️
• Skipped: 30 ⏭️

📊 Test Reports by Browser

• ✅ chromium: View Report • ✅ 453 / ❌ 0 / ⚠️ 5 / ⏭️ 30
• ✅ chromium-2x: View Report • ✅ 2 / ❌ 0 / ⚠️ 0 / ⏭️ 0
• ✅ chromium-0.5x: View Report • ✅ 1 / ❌ 0 / ⚠️ 0 / ⏭️ 0
• ✅ mobile-chrome: View Report • ✅ 6 / ❌ 0 / ⚠️ 0 / ⏭️ 0

---

🎉 Click on the links above to view detailed test results for each browser configuration.

[github-actions]

Bundle Size Report

Summary

• Raw size: 12.3 MB baseline 12.3 MB — ⚪ 0 B
• Gzip: 2.49 MB baseline 2.49 MB — ⚪ 0 B
• Brotli: 1.96 MB baseline 1.96 MB — ⚪ 0 B
• Bundles: 57 current • 57 baseline

Category Glance
Vendor & Third-Party ⚪ 0 B (5.36 MB) · App Entry Points ⚪ 0 B (3.31 MB) · Other ⚪ 0 B (2.55 MB) · Graph Workspace ⚪ 0 B (718 kB) · Panels & Settings ⚪ 0 B (294 kB) · UI Components ⚪ 0 B (12.3 kB) · + 3 more

Per-category breakdown

App Entry Points — 3.31 MB (baseline 3.31 MB) • ⚪ 0 B

Main entry bundles and manifests

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/index-BtE9DLbG.js	621 kB	621 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/index-C_7RZI3A.js	2.69 MB	2.69 MB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Graph Workspace — 718 kB (baseline 718 kB) • ⚪ 0 B

Graph editor runtime, canvas, workflow orchestration

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/GraphView-BxEIQcFs.js	718 kB	718 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Views & Navigation — 8.14 kB (baseline 8.14 kB) • ⚪ 0 B

Top-level views, pages, and routed surfaces

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/UserSelectView-i53Ps0bI.js	8.14 kB	8.14 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Panels & Settings — 294 kB (baseline 294 kB) • ⚪ 0 B

Configuration panels, inspectors, and settings screens

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/AboutPanel-CrpBXgyJ.js	10.3 kB	10.3 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/CreditsPanel-Iyi3ibAF.js	22 kB	22 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/ExtensionPanel-D3CxB0gb.js	12.1 kB	12.1 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/KeybindingPanel-BIHsrXbR.js	15.2 kB	15.2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/ServerConfigPanel-URbDB7Ee.js	8.2 kB	8.2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-B-df0dZe.js	20.7 kB	20.7 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-CI6OKvJn.js	22.9 kB	22.9 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-CXGVj_nD.js	24.5 kB	24.5 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-DfQ6dSJj.js	31.6 kB	31.6 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-DJ2QgDzm.js	25.2 kB	25.2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-DRNLPMG6.js	23.7 kB	23.7 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-DVVycxDc.js	19.9 kB	19.9 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-G6Dybj1b.js	24.1 kB	24.1 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/settings-M6_GZccG.js	26 kB	26 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/UserPanel-MB6qid11.js	7.91 kB	7.91 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

UI Components — 12.3 kB (baseline 12.3 kB) • ⚪ 0 B

Reusable component library chunks

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/ComfyQueueButton-CFAaiYFC.js	11.1 kB	11.1 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/UserAvatar.vue_vue_type_script_setup_true_lang-C9bSkTC5.js	1.12 kB	1.12 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Data & Services — 10 kB (baseline 10 kB) • ⚪ 0 B

Stores, services, APIs, and repositories

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/keybindingService-DmFQzL7i.js	7.21 kB	7.21 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/serverConfigStore-BRlqNike.js	2.79 kB	2.79 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Utilities & Hooks — 1.07 kB (baseline 1.07 kB) • ⚪ 0 B

Helpers, composables, and utility bundles

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/mathUtil-CTARWQ-l.js	1.07 kB	1.07 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Vendor & Third-Party — 5.36 MB (baseline 5.36 MB) • ⚪ 0 B

External libraries and shared vendor chunks

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/vendor-other-DZSAGrGi.js	3.22 MB	3.22 MB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-primevue-PESgPnbc.js	517 B	517 B	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-three-DjRIbjYR.js	1.41 MB	1.41 MB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-tiptap-VHwWHAra.js	232 kB	232 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-vue-COj5Gb4q.js	92.4 kB	92.4 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/vendor-xterm-BZLod3g9.js	407 kB	407 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

Other — 2.55 MB (baseline 2.55 MB) • ⚪ 0 B

Bundles that do not match a named category

File	Before	After	Δ Raw	Δ Gzip	Δ Brotli
assets/commands-B2KZRBmX.js	15.1 kB	15.1 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-Bw-ckyga.js	13.9 kB	13.9 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-C_NmM85I.js	13.8 kB	13.8 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-CuozCW4W.js	14 kB	14 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-DGfVUJCR.js	16.2 kB	16.2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-dOJNDogK.js	14.5 kB	14.5 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-DwiE551e.js	14.7 kB	14.7 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-Fw7mvqSy.js	13.1 kB	13.1 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/commands-FXnO1W4Q.js	13.2 kB	13.2 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-Bgu6_Hvd.js	59.5 kB	59.5 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-Bv0L0qvp.js	93 kB	93 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-C3Doz3n_.js	67.6 kB	67.6 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-C7eBl607.js	70.7 kB	70.7 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-CHiV9ds2.js	76.4 kB	76.4 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-CIc79Nts.js	68.5 kB	68.5 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-DK5LmuBm.js	58.8 kB	58.8 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-J1nit7cj.js	66.3 kB	66.3 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/main-W97XgvAQ.js	80.4 kB	80.4 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-8Ef8lY1m.js	196 kB	196 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-BdF8EiZl.js	200 kB	200 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-Bv9Y8Cvp.js	229 kB	229 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-cMdB_wHv.js	179 kB	179 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-CvNWbbtX.js	194 kB	194 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-CwDWxzVz.js	215 kB	215 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-CyPAVHpA.js	191 kB	191 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-D6QTD6bJ.js	181 kB	181 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B
assets/nodeDefs-DKn6VmRJ.js	192 kB	192 kB	⚪ 0 B	⚪ 0 B	⚪ 0 B

[claude]

[architecture] medium Priority

Issue: Module-level variables (inFlightCreateSession, currentCreateController, logoutInProgress) create shared mutable state that could cause issues in environments where the module is imported multiple times
Context: This breaks the isolation principle and could lead to unexpected behavior if useSessionCookie is used across different components or contexts
Suggestion: Move these variables inside the composable factory or use a proper singleton pattern with explicit state management

[claude]

[performance] low Priority

Issue: The isAbortError function could be more efficient with direct property access
Context: The current implementation uses nested checks and type assertions
Suggestion: Simplify to: return error instanceof Error && error.name === 'AbortError'

[claude]

[quality] medium Priority

Issue: Missing error logging for debugging session creation failures
Context: When session creation fails, the error is silently caught if it's an AbortError, but other errors only bubble up without any logging
Suggestion: Add console.debug or appropriate logging for both successful completions and errors to aid in troubleshooting authentication issues

[claude]

[quality] low Priority

Issue: Test uses @ts-expect-error without providing a meaningful error message
Context: Line 25 suppresses TypeScript error for closure variable assignments without explaining why
Suggestion: Add descriptive comment: '@ts-expect-error - resolve and reject are assigned via closure in Promise constructor'

[claude]

Comprehensive PR Review

This review is generated by Claude. It may not always be accurate, as with human reviewers. If you believe that any of the comments are invalid or incorrect, please state why for each. For others, please implement the changes in one way or another.

Review Summary

PR: Cloud/fix cookie timing race (#6398)
Impact: 225 additions, 27 deletions across 2 files

Issue Distribution

• Critical: 0
• High: 0
• Medium: 2
• Low: 2

Category Breakdown

• Architecture: 1 issues
• Security: 0 issues
• Performance: 1 issues
• Code Quality: 2 issues

Key Findings

Architecture & Design

The PR successfully addresses a race condition in session management by introducing:

• Singleton Pattern: Uses VueUse's createSingletonPromise to ensure only one session creation request occurs at a time
• Request Cancellation: Implements proper AbortController usage to cancel in-flight requests during logout
• State Synchronization: Coordinates between create and delete operations with shared state variables

However, the module-level state variables (inFlightCreateSession, currentCreateController, logoutInProgress) could cause isolation issues if the module is imported multiple times.

Security Considerations

The authentication flow appears secure:

• Proper credential handling with credentials: include
• Auth headers from Firebase Auth Store are correctly applied
• Error messages don't leak sensitive information
• Session deletion properly cleans up state

Performance Impact

The implementation is generally efficient:

• Request deduplication prevents redundant API calls
• Proper cleanup of AbortController instances
• Minor optimization opportunity in error checking utility function

Integration Points

This change affects:

• Cloud authentication flow
• Session lifecycle management
• Firebase Auth Store integration
• Any components that call createSession/deleteSession

Positive Observations

• Comprehensive Testing: The test suite covers both primary use cases - deduplication and abort scenarios
• Proper Error Handling: Includes appropriate error boundaries and type checking
• Clean API: Maintains the same public interface while fixing the race condition
• Modern Patterns: Uses current best practices with AbortController and VueUse utilities

References

• Repository Architecture Guide: https://github.com/Comfy-Org/comfy-claude-prompt-library/blob/master/project-summaries-for-agents/ComfyUI_frontend/REPOSITORY_GUIDE.md
• VueUse Documentation: https://vueuse.org/shared/createSingletonPromise/

Next Steps

1. Address module-level state isolation concern before merge
2. Consider adding debug logging for authentication troubleshooting
3. Minor performance optimization in error checking function
4. Enhance @ts-expect-error comments in tests

---

This is a comprehensive automated review. For architectural decisions requiring human judgment, please request additional manual review.