Added refresh attempt counter with MAX_REFRESH_ATTEMPTS=3 to prevent infinite refresh loops when token refresh repeatedly fails.

Changes:
- Added refreshAttempts counter and MAX_REFRESH_ATTEMPTS constant
- Check counter before attempting refresh, logout if max reached
- Increment counter on each refresh attempt
- Reset counter to 0 on successful refresh
- Log attempt number in all refresh-related logs
- Show user-friendly error message after max attempts

Behavior:
- After 3 failed refresh attempts, user is logged out automatically
- Prevents infinite 401 → refresh → 401 loops
- Uses logoutLocal() to avoid triggering another API call
- Displays clear error message: "Session expired after multiple attempts"

Impact: Eliminates infinite refresh loops, improves UX on persistent auth failures.

Fixes: P1.4 from audit AUDIT_TEMP_29_01_2026.md
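The bounded-refresh behavior the commit message describes, as an added example that is not the project's own code. Only `refreshAttempts`, `MAX_REFRESH_ATTEMPTS` and `logoutLocal` are names from the commit message; `createAuthClient`, the injected `send` and `refresh` functions, and the `state` object are assumptions made for illustration.

```javascript
// Added example; only refreshAttempts, MAX_REFRESH_ATTEMPTS and logoutLocal
// are names from the commit message. Everything else is an assumption.
const MAX_REFRESH_ATTEMPTS = 3;

function createAuthClient({ send, refresh, log = () => {} }) {
  let refreshAttempts = 0;
  // 'stale-token' is a constructed placeholder value.
  const state = { token: 'stale-token', loggedIn: true, error: null };

  // Local-only logout: clears state without calling the API, so the logout
  // path cannot itself produce another 401.
  function logoutLocal(message) {
    state.token = null;
    state.loggedIn = false;
    state.error = message;
  }

  async function request(path) {
    if (!state.loggedIn) return { status: 401, loggedOut: true };
    const res = await send(path, state.token);
    if (res.status !== 401) return res;

    // Check the counter before attempting a refresh; log out at the cap.
    if (refreshAttempts >= MAX_REFRESH_ATTEMPTS) {
      log(`giving up after ${refreshAttempts} refresh attempts`);
      logoutLocal('Session expired after multiple attempts');
      return { status: 401, loggedOut: true };
    }

    refreshAttempts += 1; // counted whether or not the refresh succeeds
    log(`refresh attempt ${refreshAttempts}/${MAX_REFRESH_ATTEMPTS}`);
    try {
      state.token = await refresh();
    } catch (err) {
      log(`refresh attempt ${refreshAttempts} failed: ${err.message}`);
      return res; // surface the 401; the counter keeps its value
    }
    refreshAttempts = 0; // reset only after a successful refresh
    return send(path, state.token); // single retry with the new token
  }

  return { request, state, getRefreshAttempts: () => refreshAttempts };
}
```

Because the counter resets on every successful refresh, it bounds repeated refresh failures only; a refresh that succeeds but yields a token the API still rejects is limited in this sketch by the single retry.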