AT 3.8 - Verify Access Restriction for Direct URL Access

[ImNotNihal]

Related to US 3.8 #79 Acceptance Criteria:

1. User (Instructor or Student) logs in successfully and accesses their dashboard.
2. User copies the URL of a protected page (e.g., dashboard, assessment page).
3. User opens a new incognito/private browser window or logs out and attempts to access the protected URL directly by pasting it.
   • Expected Outcome: The user is redirected to the login page and is required to authenticate before accessing the content.
4. User attempts to access protected pages (e.g., dashboard, assessment page) without logging in.
   • Expected Outcome: The user is redirected to the login page, preventing unauthorized access.
5. User navigates to other protected pages after logging in and can freely use the back and forward buttons within the session.
6. User logs out and attempts to use the back button to return to protected pages.
   • Expected Outcome: The user is redirected to the login page and cannot access the previously viewed protected pages without logging in again.
7. User verifies consistent behavior by testing the access restriction on different devices and browsers.