From 4f34ce77c9b9aeea62d129e5dfdfb2273da4fe8a Mon Sep 17 00:00:00 2001
From: Yosri Barhoumi <med.yosri.brh@gmail.com>
Date: Tue, 27 Jan 2026 20:07:06 +0100
Subject: [PATCH] Improve logging for session refresh token status

Signed-off-by: Yosri Barhoumi <med.yosri.brh@gmail.com>
---
 pkg/apis/sessions/session_state.go      |  2 ++
 pkg/apis/sessions/session_state_test.go | 29 +++++++++++++++++++++++++
 pkg/middleware/stored_session.go        |  1 +
 3 files changed, 32 insertions(+)

diff --git a/pkg/apis/sessions/session_state.go b/pkg/apis/sessions/session_state.go
index a1f807ab..bc3eb1fe 100644
--- a/pkg/apis/sessions/session_state.go
+++ b/pkg/apis/sessions/session_state.go
@@ -123,6 +123,8 @@ func (s *SessionState) String() string {
 	}
 	if s.RefreshToken != "" {
 		o += " refresh_token:true"
+	} else {
+		o += " refresh_token:false"
 	}
 	if len(s.Groups) > 0 {
 		o += fmt.Sprintf(" groups:%v", s.Groups)
diff --git a/pkg/apis/sessions/session_state_test.go b/pkg/apis/sessions/session_state_test.go
index 87b97614..88b8b895 100644
--- a/pkg/apis/sessions/session_state_test.go
+++ b/pkg/apis/sessions/session_state_test.go
@@ -4,6 +4,7 @@ import (
 	"crypto/rand"
 	"fmt"
 	"io"
+	"strings"
 	"testing"
 	"time"
 
@@ -289,3 +290,31 @@ func compareSessionStates(t *testing.T, expected *SessionState, actual *SessionS
 	act.ExpiresOn = nil
 	assert.Equal(t, exp, act)
 }
+
+func TestSessionState_String_RefreshTokenFalse(t *testing.T) {
+	session := &SessionState{
+		Email: "test@example.com",
+		User:  "testuser",
+		// No RefreshToken set
+	}
+
+	result := session.String()
+
+	if !strings.Contains(result, "refresh_token:false") {
+		t.Errorf("Expected 'refresh_token:false' in output, got: %s", result)
+	}
+}
+
+func TestSessionState_String_RefreshTokenTrue(t *testing.T) {
+	session := &SessionState{
+		Email:        "test@example.com",
+		User:         "testuser",
+		RefreshToken: "some-token",
+	}
+
+	result := session.String()
+
+	if !strings.Contains(result, "refresh_token:true") {
+		t.Errorf("Expected 'refresh_token:true' in output, got: %s", result)
+	}
+}
diff --git a/pkg/middleware/stored_session.go b/pkg/middleware/stored_session.go
index f861c756..72c364e7 100644
--- a/pkg/middleware/stored_session.go
+++ b/pkg/middleware/stored_session.go
@@ -222,6 +222,7 @@ func (s *storedSessionLoader) refreshSession(rw http.ResponseWriter, req *http.R
 
 	// Session not refreshed, nothing to persist.
 	if !refreshed {
+		logger.Printf("Session not refreshed - User: %s; no refresh token available or provider returned false", session.User)
 		return nil
 	}