Revert "fix(session): skip wildcard session during register session l…

[broody]

…ogin (#2299)"

This reverts commit 0e418ec.

---

Note

Restores automatic session creation and removes conditional skip paths.

• Always create a session in Controller.login (remove skipSession flag; session is now non-optional)
• Delete isRegisterSessionFlow and related imports; callers no longer pass skipSession
• In SessionProvider, accept full SessionRegistration from startapp query and store directly; drop manual merge and field validation
• Update Turnkey Auth0 redirect check to compare windowUri.pathname against "/session" directly

^{Written by Cursor Bugbot for commit 05129f2. This will update automatically on new commits. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
controller-example-next	Ready	Preview	Dec 23, 2025 5:34pm
keychain	Ready	Preview	Dec 23, 2025 5:34pm
keychain-storybook	Ready	Preview	Dec 23, 2025 5:34pm

[claude]

Claude finished @broody's task —— View job

---

Documentation Analysis for Session Management Revert

Analyzed the controller repository changes from this revert and checked if documentation updates are needed in the docs repository.

Todo List:

• Examine the changed files to understand the functional impact of the revert
• Check the docs-repo directory structure and existing documentation
• Identify if session-related documentation needs updates
• Update documentation files if necessary
• Provide summary of changes made

Analysis Summary:

The revert removed a conditional session creation feature that was added to avoid double-signing during session registration. The key changes:

What was reverted:

• skipSession parameter in Controller.login()
• Route detection logic (isRegisterSessionFlow)
• Complex session merge logic in SessionProvider
• The utils/routes.ts file with route constants

What is now restored:

• Sessions are now always created during login (non-optional)
• Simplified session handling - no conditional skip paths
• Direct session registration from startapp query parameters
• Simpler Turnkey redirect logic

Documentation Impact Assessment:

After reviewing the existing documentation in docs-repo/src/pages/controller/, the revert does NOT require documentation updates because:

1. User-facing behavior unchanged: The revert affects internal implementation details, not the public API or user experience
2. No API changes: No changes to Controller, SessionProvider, or connector interfaces that are documented
3. Session behavior remains the same: Users still create sessions the same way through policies
4. Examples still valid: All React, Svelte, and other integration examples remain accurate

The reverted changes were internal optimizations to reduce signature requirements - they didn't change how developers use sessions or configure policies.

Final Summary:

✅ No documentation updates needed - this revert only affects internal session creation logic without changing the public API or user-facing behavior. All existing documentation remains accurate and current.

---

[cursor]

Missing session fields cause undefined sessionKeyGuid after callback

The revert removes the merge logic that provided default values for guardianKeyGuid, metadataHash, and sessionKeyGuid when processing session data from URL callbacks. The callback response (SessionResponse type in keychain) only includes username, address, ownerGuid, expiresAt, and optional transactionHash—it does not include these three fields. Without the merge logic, sessionKeyGuid will be undefined (the SessionAccount constructor has fallbacks for guardianKeyGuid and metadataHash but not sessionKeyGuid). The removed validation block would have caught and cleared such incomplete sessions. This causes the SessionAccount to be created with an undefined sessionKeyGuid, likely causing WASM errors.