From 78cc9fecfebc6ebb0d30425bee7306b1e798e60c Mon Sep 17 00:00:00 2001
From: Dan Corder <dan.corder@digital.cabinet-office.gov.uk>
Date: Fri, 15 Nov 2024 11:15:24 +0000
Subject: [PATCH] PYIC-6245: Also check that there is no IPV Session ID

---
 src/app/mobile-app/middleware.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/app/mobile-app/middleware.ts b/src/app/mobile-app/middleware.ts
index 44b3ad94..97ca60ff 100644
--- a/src/app/mobile-app/middleware.ts
+++ b/src/app/mobile-app/middleware.ts
@@ -19,6 +19,7 @@ export const checkMobileAppDetails: RequestHandler = async (req, res) => {
 
   // If we don't have a clientOAuthSessionId in our session then we're dealing with a cross browser callback and core back will give us a clientOAuthSessionId to use instead.
   if (
+    !req.session.ipvSessionId &&
     !req.session.clientOauthSessionId &&
     apiResponse.data.clientOAuthSessionId
   ) {