From 07f49cb45725c48ef37d169850da950e84111534 Mon Sep 17 00:00:00 2001
From: poduck <poduck@smoothschedule.com>
Date: Sat, 20 Dec 2025 12:02:16 -0500
Subject: [PATCH] Clear session and show login when non-platform users access
 platform subdomain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Instead of redirecting business users to their business subdomain when
they access the platform subdomain, clear their session and show the
platform login page. This is cleaner when masquerading changes tokens
to a tenant user - they can simply log back in as a platform user.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 frontend/src/App.tsx | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx
index a1347b5a..08d24900 100644
--- a/frontend/src/App.tsx
+++ b/frontend/src/App.tsx
@@ -10,7 +10,7 @@ import { useCurrentUser, useMasquerade, useLogout } from './hooks/useAuth';
 import { useCurrentBusiness } from './hooks/useBusiness';
 import { useUpdateBusiness } from './hooks/useBusiness';
 import { usePlanFeatures } from './hooks/usePlanFeatures';
-import { setCookie } from './utils/cookies';
+import { setCookie, deleteCookie } from './utils/cookies';
 
 // Import Login Page
 const LoginPage = React.lazy(() => import('./pages/LoginPage'));
@@ -463,10 +463,13 @@ const AppContent: React.FC = () => {
     return <LoadingScreen />;
   }
 
-  // RULE: Business users on platform subdomain should be redirected to their business subdomain
-  if (isBusinessUser && isPlatformDomain && user.business_subdomain) {
-    const port = window.location.port ? `:${window.location.port}` : '';
-    window.location.href = `${protocol}//${user.business_subdomain}.${baseDomain}${port}/`;
+  // RULE: Non-platform users on platform subdomain should have their session cleared
+  // This handles cases where masquerading changed tokens to a business user
+  if (!isPlatformUser && isPlatformDomain) {
+    deleteCookie('access_token');
+    deleteCookie('refresh_token');
+    localStorage.removeItem('masquerade_stack');
+    window.location.href = '/platform/login';
     return <LoadingScreen />;
   }