small component ui fix (#1414)

<!--

Make sure you've read the CONTRIBUTING.md guidelines:
https://github.com/stack-auth/stack-auth/blob/dev/CONTRIBUTING.md

-->


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Refactor**
* Enhanced CLI authentication confirmation tracking to improve session
persistence and state management during sign-in flows.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->

packages/template/src/components-page/cli-auth-confirm.test.tsx

@@ -171,7 +171,7 @@ describe("useCliAuthConfirmation", () => {
       accessToken: "access-token",
       refreshToken: "refresh-token",
     });
-    expect(new URL(window.location.href).searchParams.get("confirmed")).toBe("true");
+    expect(sessionStorage.getItem("stack-cli-auth-confirmed")).toBe("login-code");
     expect(sendRequest.mock.calls.map(call => JSON.parse(String(call[1].body)))).toMatchInlineSnapshot(`
       [
         {

packages/template/src/components-page/cli-auth-confirm.tsx

@@ -28,10 +28,18 @@ async function completeCliAuthWithRefreshToken(app: StackClientApp, loginCode: s
   await ensureCliCompleteOk(result);
 }
 
-function markUrlConfirmed() {
-  const url = new URL(window.location.href);
-  url.searchParams.set("confirmed", "true");
-  window.history.replaceState({}, "", url.toString());
+const CLI_AUTH_CONFIRMED_KEY = "stack-cli-auth-confirmed";
+
+function markConfirmed(loginCode: string) {
+  sessionStorage.setItem(CLI_AUTH_CONFIRMED_KEY, loginCode);
+}
+
+function isConfirmed(loginCode: string): boolean {
+  return sessionStorage.getItem(CLI_AUTH_CONFIRMED_KEY) === loginCode;
+}
+
+function clearConfirmed() {
+  sessionStorage.removeItem(CLI_AUTH_CONFIRMED_KEY);
 }
 
 function getError(err: unknown): Error {
@@ -79,7 +87,7 @@ export function useCliAuthConfirmation(): CliAuthConfirmationState {
   });
   const [confirmed] = useState(() => {
     if (typeof window === 'undefined') return false;
-    return new URLSearchParams(window.location.search).get("confirmed") === "true";
+    return loginCode != null && isConfirmed(loginCode);
   });
 
   const completeWithCurrentUser = useCallback(async () => {
@@ -105,6 +113,7 @@ export function useCliAuthConfirmation(): CliAuthConfirmationState {
       setStatus("authorizing");
       try {
         await completeWithCurrentUser();
+        clearConfirmed();
         setStatus("success");
       } catch (err) {
         setError(getError(err));
@@ -130,6 +139,7 @@ export function useCliAuthConfirmation(): CliAuthConfirmationState {
       setStatus("authorizing");
       if (user) {
         await completeWithCurrentUser();
+        clearConfirmed();
         setStatus("success");
         return;
       }
@@ -158,17 +168,13 @@ export function useCliAuthConfirmation(): CliAuthConfirmationState {
           accessToken,
           refreshToken,
         });
-        // Only mark the URL as confirmed once the anon session is actually
-        // bound to the browser; otherwise a failure above would leave a stale
-        // confirmed=true in the URL and the auto-complete effect would later
-        // bind the CLI to whichever user happens to be signed in.
-        markUrlConfirmed();
+        markConfirmed(loginCode);
         setStatus("redirecting");
         await app.redirectToSignUp({ replace: true });
         return;
       }
 
-      markUrlConfirmed();
+      markConfirmed(loginCode);
       setStatus("redirecting");
       await app.redirectToSignIn({ replace: true });
     } catch (err) {