F-2026-0010 · concurrency

Duplicate Mines start request desynchronizes client/server state and freezes UI

Tags: Fixed · pentest · typescript · backend
TL;DR

Duplicate Mines 'start' requests caused the client and server to drift out of state, freezing the Mines UI until the user re-authenticated or refreshed the page.

Severity: MEDIUM
Impact: LOW
Likelihood: HIGH
Method: Manual review
Category: concurrency
Complexity: LOW
Exploitability: HIGH
Description

When the Mines game received two start requests in quick succession (a user double-click, a network retry), the server created two sessions but the client only tracked one. Subsequent actions referenced one session ID while the server expected another, producing a frozen UI that did not recover until the user reauthenticated or refreshed.

Impact

Player-visible game lockup, recoverable only by refreshing the page or re-authenticating. Not a fund-loss issue, but a high-frequency UX failure that disrupts gameplay: double-clicks and client retries are routine, so the trigger needs no attacker.

Recommendation

Make start idempotent at the server: if a session is already in-flight for the user, return the existing session ID rather than creating a new one. Add server-side debouncing and reject duplicate requests within a short window. Add a session-recovery endpoint so the client can re-sync without forcing the user to reauthenticate.

Fair Casino: Fixed. Zealynx: Verified.

Status: Fixed