story-email-password-login-coordinator-004
Priority: Critical
Story Points: 5
Feature: Email and Password Login

User Story

As a Coordinator
I want the app to remember that I am logged in when I close and reopen it
So that I do not need to re-enter my credentials every time I want to register an activity, which would make the app too cumbersome to use regularly

Acceptance Criteria

  • Given the user has successfully logged in, When the user closes the app completely and reopens it, Then the app navigates directly to the peer mentor home screen without showing the login form
  • Given a stored session token exists, When the app launches, Then the session manager validates the token with Supabase before routing the user, completing within 1 second on a normal connection
  • Given the stored token has expired, When the app launches, Then the user is redirected to the login screen with the message 'Your session has expired. Please sign in again.'
  • Given the user explicitly signs out, When the sign-out action is confirmed, Then the stored token is deleted from secure storage and the user is returned to the login screen
  • Given the device is compromised or the token revoked server-side, When the next authenticated API call fails with 401, Then the app clears local session data and redirects to login
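
The acceptance criteria above, sketched as a session manager; this is an added example, not the project's code. `SessionManager`, `memoryStore` and the `validate` callback (standing in for the Supabase token check) are hypothetical names, and keeping the token while failing closed on a timeout is an assumption the story does not specify.

```javascript
// Added example; SessionManager, memoryStore and the validate callback are hypothetical.
const EXPIRED_MSG = 'Your session has expired. Please sign in again.';
const KEY = 'session_token';

class SessionManager {
  // store: async get/delete over the platform's secure storage.
  // validate: async (token) => 'valid' | 'expired' | 'revoked', answered by the auth server.
  constructor(store, validate, timeoutMs = 1000) {
    Object.assign(this, { store, validate, timeoutMs });
  }

  // Launch routing: the home screen is reachable only after the server confirms the token.
  async routeOnLaunch() {
    const token = await this.store.get(KEY);
    if (!token) return { screen: 'login' };
    let timer;
    const timeout = new Promise((r) => { timer = setTimeout(r, this.timeoutMs, 'timeout'); });
    let status;
    try {
      status = await Promise.race([this.validate(token), timeout]);
    } catch {
      status = 'error';
    } finally {
      clearTimeout(timer);
    }
    if (status === 'valid') return { screen: 'home' };
    if (status === 'expired' || status === 'revoked') {
      await this.store.delete(KEY);
      return { screen: 'login', message: status === 'expired' ? EXPIRED_MSG : null };
    }
    // Assumption: on timeout or network error, fail closed but keep the token for a retry.
    return { screen: 'login', message: null, tokenKept: true };
  }

  async signOut() {
    await this.store.delete(KEY);
    return { screen: 'login' };
  }

  // Call with the status of every authenticated API response.
  async onApiStatus(httpStatus) {
    if (httpStatus !== 401) return null;
    await this.store.delete(KEY); // token revoked or rejected server-side
    return { screen: 'login' };
  }
}
// Constructed in-memory stand-in for secure storage so the example runs offline.
function memoryStore(token) {
  const m = new Map(token ? [[KEY, token]] : []);
  return { get: async (k) => m.get(k), delete: async (k) => { m.delete(k); } };
}
```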

Business Value

Session persistence is the single most important usability factor for field workers. HLF noted one peer mentor with 380 individual registrations in a year — requiring login for each would be untenable. Persistent sessions reduce friction to near zero for returning users, directly increasing registration completion rates and the quality of data available for Bufdir reporting.

Dependencies