We have a cookie problem. Not the good kind.

For historical reasons, different parts of the site look for different login cookies. Some code reads one name, some reads another, and the nav bar reads a
third. It works, in the way a three-legged chair works.
The plan
- Write down every place a cookie is read or written.
- Pick one name and one shape, then migrate carefully.
- Keep the old path alive until nobody trips on it.

This is the kind of change you do
slowly, because auth bugs are the worst bugs.

Here is the audit helper we ran first:
CODE grep -rn "Cookie" src/ public/ | grep -i user
The results were humbling. There were more cookie names than crew members.
Why write this up?Because someone six months from now will ask "why is login weird" and deserve an answer that is not a shrug. If you want the gory details, they live on
the community boards, and the tracking notes are on
https://madsplash.net/blog.
No cookies were harmed. Yet.