Authentication

Session timeout

Idle session expires, prompting the user to sign in again without losing the route they were on.

User story

As a returning user, I want my expired session to drop me back to login with a deep link so I can resume my workflow.

Acceptance criteria

  • After idle expiry, all authed routes redirect to /login
  • The intended path is preserved as ?next=/wallet
  • On successful re-login, the user is restored to /wallet
  • Toast confirms 'Session expired' once

Manual test steps

  1. Sign in with demo credentials
  2. Open /wallet
  3. Open QA Test Mode → Toggle 'Session timeout'
  4. Click any nav item

Expected result

Browser lands on /login?next=/wallet with a toast saying 'Session expired'.

Possible bug risks

  • Open tabs continue making authed calls after expiry → 401 storms
  • Deep link parameter is unsafe (open redirect)
  • Toast queue duplicates 'Session expired' across tabs
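
The open-redirect risk above comes from trusting the ?next= value as a redirect target. The block below is an added example, not the lab app's code, of validating that value before the post-login redirect. APP_ORIGIN, safeNextPath and nextFromLoginUrl are hypothetical names, and the origin is a placeholder.

```typescript
// Added example: validate ?next= before redirecting after re-login.
// All names here are hypothetical; APP_ORIGIN is a constructed placeholder.
const APP_ORIGIN = 'https://app.example';

function safeNextPath(raw: string | null, fallback: string = '/'): string {
  if (!raw) return fallback;
  // Must be a rooted path: a single leading slash. "//" and "/\" are
  // parsed by browsers as the start of a host, so they are rejected.
  if (!/^\/(?![\/\\])/.test(raw)) return fallback;
  // URL parsers strip tabs and newlines, which can turn "/<tab>/host"
  // into "//host"; reject control characters and backslashes outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  let resolved: URL;
  try {
    resolved = new URL(raw, APP_ORIGIN);
  } catch {
    return fallback;
  }
  // After resolution the target must still be on our own origin.
  if (resolved.origin !== APP_ORIGIN) return fallback;
  // Do not bounce back to the login page itself (redirect loop).
  if (resolved.pathname === '/login') return fallback;
  // Return only the path parts, never scheme or host.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Reads ?next= from a login URL such as /login?next=%2Fwallet.
function nextFromLoginUrl(loginUrl: string): string {
  const params = new URL(loginUrl, APP_ORIGIN).searchParams;
  return safeNextPath(params.get('next'));
}
```

A regression test for this risk can assert that a cross-origin or scheme-relative next value lands the user on the fallback route after sign-in.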

Reference Playwright spec

session-timeout.spec.ts
import { test, expect } from '@playwright/test';

test('expired session redirects with next link @regression', async ({ page }) => {
  await page.goto('https://lab.hakdogan.com/login');
  await page.getByRole('button', { name: /use demo account/i }).click();
  await page.getByRole('button', { name: /sign in/i }).click();

  // simulate expiry by removing the 'vl-lab-auth' localStorage entry, in place of the QA Test Mode toggle
  await page.evaluate(() => localStorage.removeItem('vl-lab-auth'));
  await page.goto('https://lab.hakdogan.com/wallet');

  await expect(page).toHaveURL(/\/login\?next=%2Fwallet$/);
});