From 2272e8d3632683c52a8d1351e5b6b311cd2056cb Mon Sep 17 00:00:00 2001
From: Josh Patra <joshpatra12@gmail.com>
Date: Sat, 7 Feb 2026 11:52:17 -0500
Subject: [PATCH] fix: use stored session headers for WebSocket auth

- Changed MaintainWebSocketForSessionAsync to use session.Headers instead of parameter
- Parameter headers might be disposed after HTTP request completes
- Session headers are cloned and stored safely in memory
- WebSocket now properly authenticates as the client instead of falling back to server API key
- Sessions will now appear under correct user in Jellyfin dashboard
---
 allstarr/Services/Jellyfin/JellyfinSessionManager.cs | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/allstarr/Services/Jellyfin/JellyfinSessionManager.cs b/allstarr/Services/Jellyfin/JellyfinSessionManager.cs
index b900e35..9c8cc98 100644
--- a/allstarr/Services/Jellyfin/JellyfinSessionManager.cs
+++ b/allstarr/Services/Jellyfin/JellyfinSessionManager.cs
@@ -298,20 +298,23 @@ public class JellyfinSessionManager : IDisposable
             webSocket = new ClientWebSocket();
             session.WebSocket = webSocket;
 
+            // Use stored session headers instead of parameter (parameter might be disposed)
+            var sessionHeaders = session.Headers;
+            
             // Log available headers for debugging
             _logger.LogDebug("🔍 WEBSOCKET: Available headers for {DeviceId}: {Headers}", 
-                deviceId, string.Join(", ", headers.Keys));
+                deviceId, string.Join(", ", sessionHeaders.Keys));
 
             // Forward authentication headers from the CLIENT - this is critical for session to appear under the right user
             bool authFound = false;
-            if (headers.TryGetValue("X-Emby-Authorization", out var embyAuth))
+            if (sessionHeaders.TryGetValue("X-Emby-Authorization", out var embyAuth))
             {
                 webSocket.Options.SetRequestHeader("X-Emby-Authorization", embyAuth.ToString());
                 _logger.LogDebug("🔑 WEBSOCKET: Using X-Emby-Authorization for {DeviceId}: {Auth}", 
                     deviceId, embyAuth.ToString().Length > 50 ? embyAuth.ToString()[..50] + "..." : embyAuth.ToString());
                 authFound = true;
             }
-            else if (headers.TryGetValue("Authorization", out var auth))
+            else if (sessionHeaders.TryGetValue("Authorization", out var auth))
             {
                 var authValue = auth.ToString();
                 if (authValue.Contains("MediaBrowser", StringComparison.OrdinalIgnoreCase))