58f8b67b28
- Seed user: shawn / Brett85!@ (SHA-256) - Sessions table with expires_at column - login endpoint supports remember_me flag (30d vs 1d expiry) - logout endpoint invalidates server-side token - auth middleware + /api/auth/me check session expiry - Frontend sends remember_me in login request body - Frontend calls /api/auth/logout on client logout - Migration function for existing databases