docs: note wallet session tradeoffs

src/wallet/WalletLoginModal.tsx

@@ -45,9 +45,13 @@ export function WalletLoginModal() {
     if (state !== "tpPolling") return;
 
     let cancelled = false;
+    const abortController = new AbortController();
     const poll = async () => {
       try {
-        const result = await fetchTokenPocketLoginResult(tpRequest.actionId);
+        const result = await fetchTokenPocketLoginResult(
+          tpRequest.actionId,
+          abortController.signal,
+        );
         if (cancelled) return;
         if (result.status === "completed") {
           const verified = await verifyWalletSignature({
@@ -66,8 +70,13 @@ export function WalletLoginModal() {
           setState("idle");
           setError(result.error || t("walletTpExpired"));
         }
-      } catch {
-        if (!cancelled) setError(t("walletLoginFailed"));
+      } catch (err) {
+        if (
+          !cancelled &&
+          !(err instanceof DOMException && err.name === "AbortError")
+        ) {
+          setError(t("walletLoginFailed"));
+        }
       }
     };
 
@@ -75,6 +84,7 @@ export function WalletLoginModal() {
     const timer = window.setInterval(() => void poll(), pollIntervalMs);
     return () => {
       cancelled = true;
+      abortController.abort();
       window.clearInterval(timer);
     };
   }, [completeLogin, loginModalOpen, state, tpRequest, t, showToast]);

src/wallet/api.ts

@@ -63,9 +63,11 @@ export function createTokenPocketLoginRequest(): Promise<TokenPocketLoginRequest
 
 export async function fetchTokenPocketLoginResult(
   actionId: string,
+  signal?: AbortSignal,
 ): Promise<TokenPocketLoginResult> {
   const res = await fetch(
     `${apiBase}/api/auth/wallet/tp-result?actionId=${encodeURIComponent(actionId)}`,
+    { signal },
   );
   if (!res.ok) throw new Error(await res.text());
   return res.json() as Promise<TokenPocketLoginResult>;