Skip to content

AUTH-2: keep-me-logged-in by default (strong client session caching)#102

Merged
mvalancy merged 1 commit into
devfrom
feat/keep-me-logged-in
Jun 17, 2026
Merged

AUTH-2: keep-me-logged-in by default (strong client session caching)#102
mvalancy merged 1 commit into
devfrom
feat/keep-me-logged-in

Conversation

@mvalancy

Copy link
Copy Markdown
Member

What

Users shouldn't have to log in over and over. This makes "keep me logged in" the default and makes it clear in the UI, with a clean session-only opt-out.

  • lib/authStorage.ts (new): one accessor for the auth token + cached user.
    • keep=truelocalStorage (survives browser restart — the default)
    • keep=falsesessionStorage (cleared when the tab/window closes)
    • reads prefer localStorage then fall back to sessionStorage; switching modes clears the stale copy; graphdone:keepLoggedIn defaults to true.
  • apollo.ts (authLink / errorLink clears / wsLink) and AuthContext (mount, login, logout, ME refresh) now go through authStorage instead of poking localStorage directly.
  • AuthContext.login(user, token, keepLoggedIn?) threads the choice (defaults to the user's last preference).
  • Signin: the checkbox is now default ON, relabeled "Keep me logged in" with clear copy ("Stay signed in on this device — uncheck on shared computers"); magic-link sign-in keeps you logged in by default.

Verification

  • authStorage.test.ts8/8 (persistent vs session, mode-switch clears stale copy, default-kept, localStorage-preference, token-only, clearSession).
  • THE GATE smoke 5/5 (login flow unaffected by the storage refactor); web typecheck clean.

Follow-up (not here): sliding token refresh before the 30-day expiry (needs a Worker refresh endpoint).

🤖 Generated with Claude Code

Strong client-side session caching so users don't log in over and over.

- New lib/authStorage.ts: single accessor for the auth token + cached user.
  keep=true → localStorage (survives browser restart; the default); keep=false
  → sessionStorage (cleared when the tab closes). Reads prefer localStorage then
  fall back to sessionStorage; switching modes clears the stale copy; the keep
  flag (graphdone:keepLoggedIn) defaults to true.
- Route apollo.ts (authLink, errorLink clears, wsLink) and AuthContext
  (mount/login/logout + ME refresh) through authStorage instead of poking
  localStorage directly.
- AuthContext.login(user, token, keepLoggedIn?) threads the choice; defaults to
  the user's last preference.
- Signin: "Keep me logged in" checkbox now DEFAULT ON with clear copy
  ("Stay signed in on this device — uncheck on shared computers"); magic-link
  sign-in keeps you logged in by default (you clicked your own link).
- Unit test (8 cases) for the storage logic. THE GATE 5/5 (login unaffected).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions

Copy link
Copy Markdown

🧪 Comprehensive Test Suite

  • Unit suites (Node 18.x & 20.x) — core, web, server, mcp-server: ✅ passed
  • Installer & deploy config: ✅ passed

Full-stack smoke gate runs in the CI workflow.

@mvalancy mvalancy merged commit 4f3f684 into dev Jun 17, 2026
16 checks passed
@mvalancy mvalancy deleted the feat/keep-me-logged-in branch June 17, 2026 23:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant