diff --git a/backend/app/auth.py b/backend/app/auth.py index ac00fca..685a211 100644 --- a/backend/app/auth.py +++ b/backend/app/auth.py @@ -232,6 +232,12 @@ def current_user(request: Request, db: Session = Depends(get_db)) -> User: if user is None: request.session.clear() raise HTTPException(status_code=401, detail="Not authenticated") + # Always keep the active account in the switchable list — covers sessions created before + # multi-session existed (their account_ids was never seeded), so the switcher isn't empty. + accounts = request.session.get("account_ids") or [] + if user_id not in accounts: + accounts.append(user_id) + request.session["account_ids"] = accounts[-MAX_SESSION_ACCOUNTS:] return user