web/flows: prevent leader tab deadlock in continuous login flow

[ryanpesek]

Details

When the flowsContinuousLogin flag is enabled, the leader tab (the one completing login) discovers other open tabs via BroadcastChannel, tells them to continue, and waits for each to confirm exit before proceeding. Two issues could cause the leader to hang indefinitely:

1. Flag guard on responder side: multiTabOrchestrateLeave() checked flowsContinuousLogin before sending the exit broadcast. Tabs that loaded before the flag was enabled (or before a deploy with updated code) would receive the continue signal and navigate away successfully, but never send the exit confirmation—leaving the leader stuck in an infinite polling loop with localStorage lock never cleaned up. Removed the flag guard from multiTabOrchestrateLeave(); the flag check in multiTabOrchestrateResume() on the leader side is sufficient to gate the feature.

2. No timeout for unresponsive tabs: Tabs old enough to predate the flag guard fix, or those that crash/close during orchestration, would never send an exit message. Added a 3-second per-tab timeout so the leader logs a warning and moves on rather than waiting forever.

Additionally, added a pagehide event listener in Broadcast that automatically sends the exit message when a page unloads. This provides defense-in-depth for any edge case where a tab navigates away without explicitly calling multiTabOrchestrateLeave().

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema and clients have been updated (make gen)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make docs)

[netlify]

✅ Deploy Preview for authentik-integrations ready!

Name	Link
🔨 Latest commit	61ca5c6
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/69d670d55cb66000089f4a33
😎 Deploy Preview	https://deploy-preview-21482--authentik-integrations.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for authentik-docs ready!

Name	Link
🔨 Latest commit	61ca5c6
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/69d670d5dd441500086212b2
😎 Deploy Preview	https://deploy-preview-21482--authentik-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.28%. Comparing base (6ae21ee) to head (7e47b23).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@                 Coverage Diff                 @@
##           version-2025.12   #21482      +/-   ##
===================================================
+ Coverage            93.01%   93.28%   +0.26%     
===================================================
  Files                  947      947              
  Lines                52865    52865              
===================================================
+ Hits                 49175    49314     +139     
+ Misses                3690     3551     -139     

Flag	Coverage Δ
e2e	44.17% <ø> (+1.33%)	⬆️
integration	23.40% <ø> (+<0.01%)	⬆️
unit	91.63% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[ryanpesek]

Closing this in favor of #21583