The session is currently managed via a cookie (set in auth_router.py). Review this and perhaps change to using JWT.