/**
 * Direct session update that bypasses useSession().update()'s `if (loading) return;` guard.
 * This ensures the JWT cookie is always updated, even when another session refresh is in-flight.
 */
export async function directSessionUpdate(data: Record<string, unknown>): Promise<boolean> {
  try {
    // Get CSRF token
    const csrfResp = await fetch('/api/auth/csrf')
    if (!csrfResp.ok) return false
    const { csrfToken } = await csrfResp.json()

    // POST session update
    const resp = await fetch('/api/auth/session', {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ csrfToken, data }),
    })

    return resp.ok
  } catch {
    return false
  }
}