Stop persisting auth session token in browser storage

client/public/version.js

@@ -1,5 +1,5 @@
 // Maintainer-controlled web client version.
 // Format: YYYY.MM.DD Rn (example: 2026.02.20 R2)
-window.CHGRID_WEB_VERSION = "2026.02.28 R313";
+window.CHGRID_WEB_VERSION = "2026.02.28 R314";
 // Optional display timezone for timestamps. Falls back to America/Detroit if unset/invalid.
 window.CHGRID_TIME_ZONE = "America/Detroit";

client/src/settings/settingsStore.ts

@@ -11,7 +11,6 @@ const MIC_INPUT_GAIN_STORAGE_KEY = 'chatGridMicInputGain';
 const MASTER_VOLUME_STORAGE_KEY = 'chatGridMasterVolume';
 const PEER_LISTEN_GAINS_STORAGE_KEY = 'chatGridPeerListenGains';
 const NICKNAME_STORAGE_KEY = 'spatialChatNickname';
-const AUTH_SESSION_TOKEN_STORAGE_KEY = 'chatGridAuthSessionToken';
 const AUTH_USERNAME_STORAGE_KEY = 'chatGridAuthUsername';
 
 type DevicePreference = {
@@ -116,15 +115,17 @@ export class SettingsStore {
   }
 
   loadAuthSessionToken(): string {
-    return localStorage.getItem(AUTH_SESSION_TOKEN_STORAGE_KEY) || '';
+    // Session tokens are intentionally not persisted in browser storage.
+    // Remove any legacy stored token and force fresh auth on reload.
+    localStorage.removeItem('chatGridAuthSessionToken');
+    return '';
   }
 
   saveAuthSessionToken(token: string): void {
-    if (token) {
-      localStorage.setItem(AUTH_SESSION_TOKEN_STORAGE_KEY, token);
-      return;
-    }
-    localStorage.removeItem(AUTH_SESSION_TOKEN_STORAGE_KEY);
+    // Session tokens are intentionally not persisted in browser storage.
+    // Keep behavior explicit: always clear any legacy token slot.
+    void token;
+    localStorage.removeItem('chatGridAuthSessionToken');
   }
 
   loadAuthUsername(): string {