Lukas
5b24a9c142
Replace sensitive token fragments in structured logs with: - login(): Use session_id=session.id (database row ID) instead of token_prefix - logout(): Use token_hash (SHA256 one-way hash, first 12 chars) instead of token_prefix This prevents partial token material leakage into log aggregation systems while maintaining useful session correlation via hashed tokens or database IDs. Also updated Backend-Development.md to clarify logging conventions for sensitive data handling. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>