fix(auth): prevent re-entrant logout calls on session expiry (#7779)

# Motivation

When the session expires, `logout()` calls `authStore.signOut()` which
sets identity to `null`. This triggers reactive cascades where in-flight
services call `getAuthenticatedIdentity()`, see the missing identity,
and each independently call `logout()` again. Each call appends
duplicate URL params via `.append()` before the browser reloads, which
can lead to oversized headers (HTTP 431).

Related to:
https://forum.dfinity.org/t/proposal-140767-to-upgrade-the-nns-dapp-2026-03-06/65145/4?u=yhabib

# Changes

- Added a `logoutInProgress` re-entrancy guard to `logout()` so only the
first call proceeds.
- Switched `appendMsgToUrl` from `searchParams.append()` to
`searchParams.set()` to prevent duplicate URL params as a secondary
defense.

# Tests

- Added a test verifying concurrent logout calls only trigger one
`signOut` and one `reload`.

# Todos

- [x] Accessibility (a11y) – any impact?
- [x] Changelog – is it needed?

Author: yhabib

.config/spellcheck.dic

@@ -77,3 +77,4 @@ nns-functions
 SEV
 SNP
 dropdowns
+params

CHANGELOG-Nns-Dapp-unreleased.md

@@ -24,6 +24,8 @@ proposal is successful, the changes it released will be moved from this file to
 
 #### Fixed
 
+- Fix re-entrant logout calls causing duplicate URL params and browser freeze on session expiry.
+
 #### Security
 
 #### Not Published

frontend/src/lib/services/auth.services.ts

@@ -4,6 +4,7 @@ import { startBusy } from "$lib/stores/busy.store";
 import { toastsError, toastsShow } from "$lib/stores/toasts.store";
 import type { ToastMsg } from "$lib/types/toast";
 import { replaceHistory } from "$lib/utils/route.utils";
+import { registerCleanupForTesting } from "$lib/utils/test-support.utils";
 import type { ToastLevel } from "@dfinity/gix-components";
 import type { Identity } from "@icp-sdk/core/agent";
 import { AnonymousIdentity } from "@icp-sdk/core/agent";
@@ -12,6 +13,12 @@ import { get } from "svelte/store";
 const msgParam = "msg";
 const levelParam = "level";
 
+let logoutInProgress = false;
+
+registerCleanupForTesting(() => {
+  logoutInProgress = false;
+});
+
 export const login = async () => {
   const onError = (err: unknown) => {
     if (err === "UserInterrupt") {
@@ -33,6 +40,14 @@ export const logout = async ({
 }: {
   msg?: Pick<ToastMsg, "labelKey" | "level">;
 }) => {
+  // Prevent re-entrant logout calls. When authStore.signOut() sets identity
+  // to null, reactive cascades can cause multiple services to detect the
+  // missing identity and each independently call logout() again, appending
+  // duplicate URL params before the browser reloads.
+  if (logoutInProgress) return;
+
+  logoutInProgress = true;
+
   // To mask not operational UI (a side effect of sometimes slow JS loading after window.reload because of service worker and no cache).
   startBusy({ initiator: "logout" });
 
@@ -95,8 +110,8 @@ const appendMsgToUrl = (msg: Pick<ToastMsg, "labelKey" | "level">) => {
 
   const url: URL = new URL(window.location.href);
 
-  url.searchParams.append(msgParam, encodeURI(labelKey));
-  url.searchParams.append(levelParam, level);
+  url.searchParams.set(msgParam, encodeURI(labelKey));
+  url.searchParams.set(levelParam, level);
 
   replaceHistory(url);
 };

frontend/src/tests/lib/services/auth.services.spec.ts

@@ -185,6 +185,20 @@ describe("auth-services", () => {
 
       spy.mockClear();
     });
+
+    it("should not call logout twice when called concurrently", async () => {
+      const reloadSpy = vi.spyOn(window.location, "reload");
+      const signOutSpy = vi.spyOn(authStore, "signOut");
+
+      await Promise.all([
+        logout({ msg: { labelKey: "warning.auth_sign_out", level: "warn" } }),
+        logout({ msg: { labelKey: "warning.auth_sign_out", level: "warn" } }),
+        logout({ msg: { labelKey: "error.missing_identity", level: "error" } }),
+      ]);
+
+      expect(signOutSpy).toHaveBeenCalledTimes(1);
+      expect(reloadSpy).toHaveBeenCalledTimes(1);
+    });
   });
 
   describe("getCurrentIdentity", () => {