diff --git a/apps/miniprogram/src/pages/index/index.tsx b/apps/miniprogram/src/pages/index/index.tsx
index 24b4f95..05ae3d3 100644
--- a/apps/miniprogram/src/pages/index/index.tsx
+++ b/apps/miniprogram/src/pages/index/index.tsx
@@ -1,5 +1,5 @@
 import { View, Text, Swiper, SwiperItem, Image } from '@tarojs/components';
-import { useState } from 'react';
+import { useState, useRef } from 'react';
 import Taro, { useDidShow, useDidHide } from '@tarojs/taro';
 import { safeNavigateTo } from '@/utils/navigate';
 import { useAuthStore } from '../../stores/auth';
@@ -347,12 +347,15 @@ export default function Index() {
   // 医护人员访问患者首页时，自动跳转到医生端
   // 不渲染 HomeDashboard，避免触发患者首页的 API 请求（并发叠加问题）
   const shouldRedirect = !!(user && isMedicalStaff());
+  const redirectingRef = useRef(false);
 
   useDidShow(() => {
-    if (shouldRedirect) {
+    if (shouldRedirect && !redirectingRef.current) {
+      redirectingRef.current = true;
       Taro.reLaunch({
         url: '/pages/pkg-doctor-core/index',
         fail: () => {
+          redirectingRef.current = false;
           console.warn('跳转医生端失败，停留患者首页');
         },
       });
diff --git a/apps/miniprogram/src/stores/auth.ts b/apps/miniprogram/src/stores/auth.ts
index 3b0ff3a..002c196 100644
--- a/apps/miniprogram/src/stores/auth.ts
+++ b/apps/miniprogram/src/stores/auth.ts
@@ -3,6 +3,13 @@ import Taro from '@tarojs/taro';
 import * as authApi from '@/services/auth';
 import { secureGet, secureSet, secureRemove } from '@/utils/secure-storage';
 import { clearRequestCache, markLoggingOut, clearLoggingOut, setCachedPatientId } from '@/services/request';
+
+// secureGet fallback: _es_ 加密键为空时尝试明文键（兼容 MCP 注入等场景）
+function storageGet(key: string): string {
+  const val = secureGet(key);
+  if (val) return val;
+  return Taro.getStorageSync(key) || '';
+}
 import { resetAllStores } from './index';
 
 // --- 内存缓存，避免每次 Tab 切换重复 Storage IPC + JSON.parse ---
@@ -81,19 +88,19 @@ export const useAuthStore = create<AuthState>((set, get) => ({
   restore: () => {
     // 利用内存缓存避免重复 Storage IPC + JSON.parse
     try {
-      const userData = secureGet('user_data');
+      const userData = storageGet('user_data');
       if (userData !== cachedUserJson) {
         cachedUserJson = userData;
         cachedUserObj = userData ? JSON.parse(userData) : null;
       }
-      const rolesData = secureGet('user_roles');
+      const rolesData = storageGet('user_roles');
       if (rolesData !== cachedRolesJson) {
         cachedRolesJson = rolesData;
         cachedRolesObj = rolesData ? JSON.parse(rolesData) : [];
       }
     } catch { /* secure storage 不可用时保持默认值 */ }
     try {
-      const patientStr = secureGet('current_patient');
+      const patientStr = storageGet('current_patient');
       let patientRaw = patientStr ? JSON.parse(patientStr) : null;
       const patientJson = patientRaw ? JSON.stringify(patientRaw) : '';
       if (patientJson !== cachedPatientJson) {