chore: store return URLs in session

[43081j]

Stores the return URL in the session rather than using cookies.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
npmx.dev	Ready	Preview, Comment	Feb 6, 2026 11:15pm

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
docs.npmx.dev	Ignored	Preview	Feb 6, 2026 11:15pm
npmx-lunaria	Ignored		Feb 6, 2026 11:15pm

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces a new hashing dependency (ohash) and refactors authentication and caching mechanisms. The auth redirect target storage has been migrated from client-side cookies to server-side session storage by adding a returnTo property to the UserServerSession interface. Badge query parameters now employ stricter validation through SafeStringSchema, and cache key generation for badge endpoints has been updated to use hash functions instead of JSON serialisation. These changes improve security by moving sensitive redirect information server-side and enhance caching consistency.

🚥 Pre-merge checks | ✅ 1

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description directly aligns with the changeset, which refactors auth redirect target storage from cookies to server sessions.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch jg/miscellaneous-sketchiness

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}