Your authentication state is session-based, not dependent on your controller scope, so you already have a "persistent authentication state" across your application.
There must be something else going on with your code that is generating that error, but as far as your question goes, you can see a working example here using example@example.com
as the email and example
as the password.
I matched your security rules as well, so if you login instead as test@example.com
with password test
you won't be able to create items
.