Greptile Summary

This PR fixes the refresh-disconnect UX for the Control UI by persisting the gateway auth token in sessionStorage instead of keeping it purely in memory. The token is saved on every saveSettings call and loaded during settings bootstrap, while localStorage remains intentionally token-free.

Key changes:

• storage.ts: adds helpers to load and persist the session token; loadSettings now prefers a stored session token over the empty default; saveSettings now writes the token to sessionStorage.
• storage.node.test.ts: stubs sessionStorage in test setup and updates two test cases to verify session-only token persistence and correct legacy-token scrubbing.
• navigation.browser.test.ts: adds assertions that URL-imported tokens are written to sessionStorage.

One logic gap is present: the early-return path in loadSettings (lines 52–54) that fires when localStorage has no entry returns defaults without consulting sessionStorage. If localStorage is ever cleared while a valid session token still exists in sessionStorage, the token will be silently discarded on the next load. The same session-token load call used in the main branch should also be applied in this branch.

Confidence Score: 3/5

• Safe to merge with one logic gap, but the gap is limited to an uncommon edge case (localStorage manually cleared while sessionStorage still holds a token).
• The core approach is sound and the tests cover the happy-path URL-token and legacy-scrub scenarios well. The one identified issue — loadSessionToken() not being called in the !raw early-return branch of loadSettings — means a session token is lost whenever localStorage is absent, creating an observable inconsistency. It is not reachable in normal usage (because saveSettings always writes both stores together), but it is a real divergence from the stated contract and worth fixing before merge.
• ui/src/ui/storage.ts — the !raw early-return branch (lines 52–54) should also call loadSessionToken() to be consistent with the main branch.

_{Last reviewed commit: 53ef2d9}

Repro that motivated this patch:

1. Open Control UI with a tokenized URL, e.g. http://127.0.0.1:18789/#token=...
2. The UI imports the token and strips it from the address bar
3. Refresh the page
4. Control UI drops back to an unauthenticated state and disconnects

Observed result today:

• refresh loses the gateway token because it only lives in memory
• the URL token is already stripped, so the user has no stable refresh path

Expected result:

• refresh should stay connected within the same tab/session
• closing the tab/window should still clear the token

That’s why sessionStorage felt like the right middle ground here.

Good catch — I’ve addressed that edge case.

What changed in the follow-up commit:

• defaults.token now initializes from loadSessionToken() ?? ""
• so the token is still restored even when localStorage is empty or parsing fails
• added a test covering the localStorage missing + sessionStorage token present case

This keeps the two code paths consistent and matches the intended contract for session-scoped token persistence.

Refreshing this PR and clarifying scope.

This PR fixes the Control UI refresh/token-persistence problem only by keeping the gateway token in sessionStorage for the lifetime of the tab/session.

What it fixes:

• token imported from ?token= / #token= survives normal page refresh
• closing the tab/window still clears the token
• localStorage remains token-free

What it does not try to fix:

• the separate device signature invalid / device-auth regression tracked in related issues such as Control UI can hit device signature invalid after upgrade even with valid gateway token #39649 and [Bug]: Control UI "device signature invalid" — token field mismatch between client signing and server #39667

I also addressed the earlier edge case noted in review:

• session token is now restored even when localStorage is empty
• added coverage for that path in tests

CI is green after the update. If maintainers still want this split, targeted UX fix, this should be ready for review/merge.

It looks like main has since moved to a more complete gateway-scoped session-token approach, which overlaps with the original intent of this PR.

The original goal here was to fix the refresh/token-loss UX and establish session-scoped persistence without falling back to localStorage.

If maintainers consider the current mainline implementation to have fully superseded this PR, I’m happy for this to be closed as covered by the newer approach.