Lukas
f3d6574160
- Remove JWT token and expires_at from sessionStorage - Simplify AuthProvider to use boolean isAuthenticated flag - Persist only isAuthenticated boolean for page-reload continuity - Update AuthProvider test to verify new auth model - Add comprehensive auth documentation to Web-Development.md explaining: - Cookie-based authentication model - How frontend auth state persists - Why tokens are no longer stored - Error handling flow for 401/403 responses The authentication model is cookie-based: the backend sets bangui_session cookie on login, frontend automatically includes it via credentials: 'include', and the backend is the sole authority on session validity. Previously stored tokens were never actually used and made the auth model misleading during development. Fixes TASK-STATE-04. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>