Mobile auth session is not persisted across app restarts

[Midoriya-w]

Problem

The mobile authentication flow currently does not persist user sessions across app restarts.

Inside apps/mobile/src/context/AuthContext.tsx, the auth provider contains TODO placeholders for loading and saving tokens, but no actual persistence implementation exists.

Current behavior:

• User logs in successfully
• App state holds token temporarily
• Restarting the app clears authentication state
• User must log in again every launch

Evidence

// TODO: Load token from secure storage on app start
useEffect(() => {
  setIsLoading(false);
}, []);

Expected behavior

• Authentication token should persist securely across app restarts
• Existing user sessions should be restored automatically on launch
• Logout should properly clear persisted auth state
• App should remain authenticated until token expiry or explicit logout

Suggested fix

Implement persistent auth storage using either:

• expo-secure-store
• @react-native-async-storage/async-storage

Possible implementation flow:

1. Save token during login
2. Restore token inside initial useEffect
3. Re-fetch user profile if token exists
4. Clear token on logout

This would significantly improve mobile UX and session continuity.

Why this matters

Currently the app behaves like a stateless session on mobile.

For a production mobile application, users generally expect:

• persistent login
• seamless relaunch experience
• session continuity

Re-authenticating on every app restart creates unnecessary friction.

[Midoriya-w]

Hey @Harxit, I’d like to work on this issue under GSSoC 2026.

I’ve already gone through the related mobile auth flow and checked the current token handling implementation, so I’d love to take this up and work on persistent session handling/auth restoration.

[Harxhit]

@Midoriya-w I have assigned this issue to you.

[Midoriya-w]

Hey @Harxhit! Opened a PR with the fix implemented persistent auth using expo-secure-store. Token saves on login, restores on app launch, clears properly on logout, and auto-clears if token is expired/invalid. PR: #305 Ready for review!