* Bump backend package version to `2.2.0` in `package.json` and
`package-lock.json`.
* Replace local storage token management with secure HTTP-only
cookies.
* Added cookie options to `@fastify/cookie` plugin configuration
in `server.js` (request-time parsing, strict same-site,
production enforcement).
* Updated `auth.js` routes to use `reply.setCookie` and
`reply.clearCookie` instead of manual token handling.
* Added `request.headers.authorization` pre-handling hook to
inject cookie tokens into the Authorization header for route
handlers.
* Updated `frontend/src/lib/stores/auth.js`:
* Switched token storage logic to rely solely on cookies via the
browser (`credentials: 'include'`).
* Removed `localStroage` and `sessionStor`ge usage for the auth
token.
* Refactored login/register flow to call `markAuthenticated()`
immediately upon success.
* Updated logout to clear the backend cookie via
`/api/auth/logout` and reset store state.
* Modified `checkRegistrationConfig` and other store methods to
handle state updates correctly without local storage
persistence.
* Removed `localStroage` and `sessionStor`ge references from the
frontend register page UI and validation logic.
Update version to 2.2.0 and migrate to session-based cookies
Replace JWT token storage with HTTP-only session cookies in the backend.
Add `/session` endpoint to verify cookie-based authentication and remove
reliance on localStorage for client-side token management. Update
frontend auth store to handle cookies via `credentials: include` and
refresh tokens on 401 errors.
Michael Skrynski
2c0cd01ab2