Remove workspace session-token coupling

tests/e2e/smoke.spec.js

@@ -44,6 +44,34 @@ test("home document renders static auth markup without bootstrapping blazor", as
   expect(html).toContain("data-auth-page");
 });
 
+test("authenticated home document avoids prerendered workspace shell", async ({ request }) => {
+  const username = `doc-auth-${Date.now()}`;
+  const password = "Password123";
+
+  await postJson(request, "/api/auth/register", {
+    username,
+    password,
+    displayName: "Document Auth"
+  });
+
+  const loginResponse = await request.post("/api/auth/login", {
+    data: {
+      username,
+      password
+    }
+  });
+  expect(loginResponse.ok()).toBeTruthy();
+
+  const response = await request.get("/");
+  expect(response.ok()).toBeTruthy();
+
+  const html = await response.text();
+  expect(html).toContain("_framework/blazor.web.js");
+  expect(html).not.toContain("Register or log in to join a campaign session.");
+  expect(html).not.toContain("Loading user...");
+  expect(html).not.toContain("Offline fallback");
+});
+
 test("successful login transitions to play workspace", async ({ page, context }) => {
   const username = `login-${Date.now()}`;
   const password = "Password123";