From 37a6645af0dffe2a7bed46d9de9c032989144f1a Mon Sep 17 00:00:00 2001
From: Paul Trowbridge <paul@hptrow.me>
Date: Sun, 5 Apr 2026 20:32:46 -0400
Subject: [PATCH] Persist session across page refreshes via sessionStorage

Credentials are saved to sessionStorage on login and restored on mount,
so a page refresh re-authenticates silently. Closing the tab clears them.
Logout explicitly removes them.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 ui/src/App.jsx | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/ui/src/App.jsx b/ui/src/App.jsx
index 9192e82..4fa31eb 100644
--- a/ui/src/App.jsx
+++ b/ui/src/App.jsx
@@ -26,6 +26,8 @@ export default function App() {
   async function handleLogin(user, pass) {
     setCredentials(user, pass)
     await api.getSources().then(s => {
+      sessionStorage.setItem('df_user', user)
+      sessionStorage.setItem('df_pass', pass)
       setSources(s)
       if (!source && s.length > 0) setSource(s[0].name)
       setAuthed(true)
@@ -35,20 +37,19 @@ export default function App() {
 
   function handleLogout() {
     clearCredentials()
+    sessionStorage.removeItem('df_user')
+    sessionStorage.removeItem('df_pass')
     setAuthed(false)
     setLoginUser('')
     setSources([])
   }
 
+  // On mount, restore session if credentials are saved
   useEffect(() => {
-    if (!authed) return
-    api.getSources().then(s => {
-      setSources(s)
-      if (!source && s.length > 0) setSource(s[0].name)
-    }).catch(err => {
-      if (err.status === 401) handleLogout()
-    })
-  }, [authed])
+    const user = sessionStorage.getItem('df_user')
+    const pass = sessionStorage.getItem('df_pass')
+    if (user && pass) handleLogin(user, pass).catch(() => handleLogout())
+  }, [])
 
   useEffect(() => {
     if (source) localStorage.setItem('selectedSource', source)