Add session persistence and refresh handling

[Lakes41]

Summary

Persist authenticated wallet session state safely so users do not need to reconnect or re-authenticate on every page refresh.

Current Behaviour

Session data is fetched from the API based on the connected wallet state, but the frontend does not clearly model session expiry, refresh, or invalidation behaviour.

Expected Behaviour

The app should preserve valid sessions across reloads, detect expired sessions, and provide a clean path to refresh or clear stale authentication state.

Suggested Implementation

Add a session utility layer that stores only safe metadata client-side and relies on the backend for authoritative session validation. Integrate it with React Query cache invalidation, wallet disconnect events, and admin guard checks.

Files or Areas Likely Affected

• lib/api/types.ts
• lib/api/live.ts
• lib/api/mock.ts
• components/admin-guard.tsx
• components/wallet/connect-button.tsx
• lib/wallet/providers.tsx

Acceptance Criteria

• Valid sessions survive page refreshes where backend auth permits it
• Expired sessions are detected and cleared safely
• Disconnecting a wallet clears session-dependent cached data
• Admin pages do not remain accessible after session invalidation
• Mock mode can simulate valid, expired, and cleared sessions

Additional Notes

Assumption: live mode will rely on backend cookies or tokens rather than trusting client-only session data.

[Chigybillionz]

Hello maintainer!

I would like to work on this issue.

I have experience with React, Next.js, TypeScript, authentication flows, session management, React Query, and wallet-based applications. I understand the importance of maintaining secure session persistence while ensuring the backend remains the source of truth for authentication state.

For this issue, I can implement a session utility layer that safely persists session metadata, handles session restoration on page reloads, detects expiration and invalidation events, and integrates with React Query cache management. I will also ensure wallet disconnects clear session-dependent data, admin routes respond correctly to invalid sessions, and mock mode supports valid, expired, and cleared session scenarios for testing.

My focus will be on security, reliability, and a seamless user experience across refreshes, reconnects, and session lifecycle events while keeping the implementation aligned with backend-authoritative authentication.

THANK you

[udeachudivine-spec]

I would like to apply for this issue

[dotmantissa]

Hi maintainers,

I'd like to work on this. I'll add a session utility layer that stores only safe metadata client side and defers to the backend for authoritative validation, wire it into React Query so cache invalidates on expiry or wallet disconnect, and update admin-guard.tsx so admin pages lock out immediately on session invalidation. I'll also add mock mode support for valid, expired, and cleared session states.

Thanks.

[khalifa-zoro]

Hi maintainer,
This absolutely looks like something I can tackle for you, if given the chance...I'd absolutely love to contribute to your project