Fixing Cross-Client Data Bleed and Session Persistence in HoneyBun

Had one of those debugging sessions today where you fix one thing and discover three more issues hiding underneath. But hey, that's the fun of building in public, right?

The Big Fix: Cross-Client Google Credential Bleed

Discovered a nasty bug where our OAuth callback was auto-matching Google Analytics properties using fallbacks. Basically, if we couldn't find a domain match, we'd just grab the first GA4 property and GSC site from the list. This meant Photo Booth Guy was inheriting HoneyBun's analytics data. Yikes.

The fix was simple but important: removed the fallback entirely. Better to have null analytics than the wrong analytics. Sometimes the best code is the code you delete.
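The before-and-after matching behaviour described above, as an added example that is not HoneyBun's actual code: the function names, the `{ id, url }` object shape and the `.example` domains are assumptions. It goes slightly beyond the post by also returning null when more than one entry matches the same host.

```javascript
// Added example: function names and object shapes are hypothetical.

// Reduce a URL, bare host, or GSC "sc-domain:" entry to a comparable hostname.
function normalizeHost(value) {
  if (typeof value !== 'string' || value.trim() === '') return null;
  let v = value.trim().toLowerCase();
  if (v.startsWith('sc-domain:')) v = v.slice('sc-domain:'.length);
  if (!/^[a-z][a-z0-9+.-]*:\/\//.test(v)) v = 'https://' + v;
  try {
    return new URL(v).hostname.replace(/^www\./, '').replace(/\.$/, '');
  } catch {
    return null;
  }
}

// "Before": no domain match falls through to the first item in the list.
function matchWithFallback(clientDomain, candidates) {
  const host = normalizeHost(clientDomain);
  return candidates.find((c) => normalizeHost(c.url) === host) || candidates[0] || null;
}

// "After": exactly one host match, otherwise null (assumption: ambiguity is null too).
function matchStrict(clientDomain, candidates) {
  const host = normalizeHost(clientDomain);
  if (host === null) return null; // never pair "no domain" with "no url"
  const hits = candidates.filter((c) => normalizeHost(c.url) === host);
  return hits.length === 1 ? hits[0] : null;
}

// Constructed sample data: one Google account that can see two clients' properties.
const ga4Properties = [
  { id: 'properties/1111', url: 'https://www.client-a.example/' },
  { id: 'properties/2222', url: 'https://client-b.example' },
];
const gscSites = [
  { id: 'sc-domain:client-a.example', url: 'sc-domain:client-a.example' },
];

// A third client whose domain matches nothing in the account:
console.log(matchWithFallback('client-c.example', ga4Properties)); // client A's property
console.log(matchStrict('client-c.example', ga4Properties));       // null
console.log(matchStrict('www.client-a.example', gscSites));        // client A's GSC site
```

A regression test for this class of bug asserts that an unmatched client gets null, not merely that a matched client gets the right property.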

Session Persistence Headaches

Users were getting logged out on every page refresh because our saveConfig() was only writing to localStorage when "Remember Me" was checked. Implemented a dual-storage strategy:

  • Always write to sessionStorage (survives refresh)
  • Conditionally write to localStorage (controlled by Remember Me checkbox)

This gives users the best of both worlds without breaking expected behavior.

GA4 Tracking for gethoneybun.com

Finally got around to adding proper GA4 tracking to our main site. Built it into the hb-heartbeat.php mu-plugin with an inject_ga4() method. Mu-plugins are perfect for this kind of thing—they survive theme updates and load automatically.

Deployed to Cloudways, set the measurement ID via WordPress options, and purged the cache. Clean and simple.

The Database Propagation Bug

Found another sneaky issue: when clearing analytics via PATCH, the nulls weren't propagating to our integrations table. The recordToIntegration function had no else branch, and updateClient only upserted when values were truthy.

Added explicit null-clearing logic and updated the conditions to check for field presence rather than truthiness. Data consistency is everything in a provisioning system.

What's Working Now

  ✅ GA4 tag firing on gethoneybun.com
  ✅ HoneyBun's analytics properly isolated
  ✅ Photo Booth Guy's analytics cleared
  ✅ OAuth no longer auto-matches wrong properties
  ✅ Session persistence working as expected

Deployed everything and ran the full test suite. All green.

Key Lessons

Fallbacks can be dangerous. That auto-match seemed helpful until it started mixing client data.

Dual storage strategies work. Don't fight the browser's storage models—work with them.

Mu-plugins are underrated. Perfect for infrastructure code that needs to survive WordPress updates.

On to the next set of issues. The backlog never sleeps, but at least these core data integrity problems are solved.