1. Session expires: widget gets 401 → clears stale cookie from
App Group → stops retrying with bad auth → shows cached data
until user opens app and re-authenticates
2. Account switch: login() now calls clearWidgetAuth() BEFORE
syncCookieToWidget() — clears previous user's cached calories
before writing new user's cookie. No brief display of wrong data.
3. Logout: already correct — clearWidgetAuth removes cookie +
cached data, widget shows 0/2000
4. Minimum data: only session cookie + 2 cached numbers + timestamp
in App Group. No passwords, no user IDs, no PII.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
5d51ac6833