Persist session across page refreshes via sessionStorage

Credentials are saved to sessionStorage on login and restored on mount,
so a page refresh re-authenticates silently. Closing the tab clears them.
Logout explicitly removes them.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

ui/src/App.jsx

@@ -26,6 +26,8 @@ export default function App() {
   async function handleLogin(user, pass) {
     setCredentials(user, pass)
     await api.getSources().then(s => {
+      sessionStorage.setItem('df_user', user)
+      sessionStorage.setItem('df_pass', pass)
       setSources(s)
       if (!source && s.length > 0) setSource(s[0].name)
       setAuthed(true)
@@ -35,20 +37,19 @@ export default function App() {
 
   function handleLogout() {
     clearCredentials()
+    sessionStorage.removeItem('df_user')
+    sessionStorage.removeItem('df_pass')
     setAuthed(false)
     setLoginUser('')
     setSources([])
   }
 
+  // On mount, restore session if credentials are saved
   useEffect(() => {
-    if (!authed) return
+    const user = sessionStorage.getItem('df_user')
-    api.getSources().then(s => {
+    const pass = sessionStorage.getItem('df_pass')
-      setSources(s)
+    if (user && pass) handleLogin(user, pass).catch(() => handleLogout())
-      if (!source && s.length > 0) setSource(s[0].name)
+  }, [])
-    }).catch(err => {
-      if (err.status === 401) handleLogout()
-    })
-  }, [authed])
 
   useEffect(() => {
     if (source) localStorage.setItem('selectedSource', source)