Context
CJ reported: one successful call (whoami or check) then immediate session expiry, requiring fresh tokens.
PR #6 addressed timezone hardcoding in X-Li-Track, but this symptom can also come from credential mismatch.
Hypothesis
The env card may occasionally provide a stale/mismatched li_at + JSESSIONID pair (tokens from different browser sessions), which can pass one endpoint and fail on the next stricter request.
Proposed work
- Add explicit preflight validation that
li_at and JSESSIONID are from the same active session (best-effort checks).
- Improve error output when deletion redirect is detected, hinting at pair mismatch.
- Document exact token extraction steps in README/env card guidance to avoid mixed pairs.
Acceptance criteria
- Repro case with intentionally mixed tokens produces a clear diagnostic message.
- Correct token pair no longer triggers ambiguous
session expired messaging after first call.
Refs: #6
Context
CJ reported: one successful call (
whoamiorcheck) then immediate session expiry, requiring fresh tokens.PR #6 addressed timezone hardcoding in
X-Li-Track, but this symptom can also come from credential mismatch.Hypothesis
The env card may occasionally provide a stale/mismatched
li_at+JSESSIONIDpair (tokens from different browser sessions), which can pass one endpoint and fail on the next stricter request.Proposed work
li_atandJSESSIONIDare from the same active session (best-effort checks).Acceptance criteria
session expiredmessaging after first call.Refs: #6