Description
When a user opens a new browser tab and navigates to https://adcontextprotocol.org/, they appear to be logged out — the UI shows an unauthenticated state. However, clicking "Log in" immediately authenticates them without requiring credentials, suggesting the session is actually valid but not being picked up on initial page load.
Steps to Reproduce
- Be logged in to adcontextprotocol.org
- Open a new browser tab
- Navigate to
https://adcontextprotocol.org/
- Observe: page renders as if user is logged out
- Click "Log in"
- Observe: user is immediately logged in (no credential prompt)
Expected Behavior
The page should recognize the active session on initial load and render the authenticated state without requiring the user to click "Log in."
Actual Behavior
Page renders unauthenticated on load. Clicking "Log in" triggers an immediate silent re-authentication (session cookie / token is valid but not applied on first render).
Likely Cause
This looks like a session hydration issue — the auth token or session cookie exists but is not being read or applied during the initial page render. Possible causes:
- SSR/hydration mismatch where the server-rendered page doesn't pick up the session cookie
- WorkOS AuthKit session not being checked on initial page load in a new tab context
- Race condition between page render and auth state initialization
Impact
Confusing UX — users believe they are logged out and may attempt to re-enter credentials unnecessarily.
Description
When a user opens a new browser tab and navigates to
https://adcontextprotocol.org/, they appear to be logged out — the UI shows an unauthenticated state. However, clicking "Log in" immediately authenticates them without requiring credentials, suggesting the session is actually valid but not being picked up on initial page load.Steps to Reproduce
https://adcontextprotocol.org/Expected Behavior
The page should recognize the active session on initial load and render the authenticated state without requiring the user to click "Log in."
Actual Behavior
Page renders unauthenticated on load. Clicking "Log in" triggers an immediate silent re-authentication (session cookie / token is valid but not applied on first render).
Likely Cause
This looks like a session hydration issue — the auth token or session cookie exists but is not being read or applied during the initial page render. Possible causes:
Impact
Confusing UX — users believe they are logged out and may attempt to re-enter credentials unnecessarily.