Auth Flow QA
QA
45-75 minutes0/5 steps0%
Step 3 of 5
Test the session lifecycle
Sessions are where fake auth dies - test persistence hard.
First time here? Paste the Context Pack first so the AI understands your project - open it from the header above.
Prompt Capsule
Execute session tests: refresh on a protected page (session persists, no logged-out flash); close and reopen the tab (persists); logout (session fully cleared - verify by trying a protected API call after); back button after logout (no protected content from cache); two browsers/sessions simultaneously (both work independently); token/session tampering (edit the stored token - app must reject and recover cleanly, not crash).
Paste into EmergentFull Build: complete implementation prompt with explicit requirements
Quick is short. Full Build is recommended for most steps. Strict forces real logic when the AI keeps faking output.
Actual change check
Expected after this step
An executed session lifecycle table including tamper and back-button checks.
Should NOT happen
- An existing feature broke
- A button only logs to console
- Data disappears after refresh
- Errors fail silently with no visible state
This is what should exist before you continue. If reality does not match, do not move on.
Track what changed, failed, or needs follow-up. Notes export with the flow.
Pass the Verify Gate to complete this step