WIP - fix browser refresh not holding user authentication

frontend/middleware/auth.global.ts

@@ -12,16 +12,14 @@ export default defineNuxtRouteMiddleware(async (to, from) => {
   }
 
   const authMessage = useCookie('authMessage')
-  // Check for session cookie (HTTP-only cookie is checked server-side via API)
+  // Check for tenant cookie (set alongside session cookie on login)
   const tenantCookie = useCookie('routebox_tenant')
+  // Also check for session cookie (HTTP-only, but readable in SSR context)
+  const sessionCookie = useCookie('routebox_session')
   
   // Routes that don't need a toast message (user knows they need to login)
   const silentRoutes = ['/']
 
-  // Quick check: if no tenant cookie, likely not authenticated
-  // The actual session cookie is HTTP-only and can't be read client-side
-  // For a full check, we'd call /api/auth/me, but that's expensive for every route
-  
   // On client side, check the reactive auth state
   if (import.meta.client) {
     const { isAuthenticated, checkAuth } = useAuth()
@@ -46,9 +44,9 @@ export default defineNuxtRouteMiddleware(async (to, from) => {
     return navigateTo('/login')
   }
   
-  // Server-side: check for tenant cookie as a quick indicator
-  // If no tenant cookie, redirect to login
-  if (!tenantCookie.value) {
+  // Server-side: check for both session and tenant cookies
+  // The session cookie is HTTP-only but can be read in SSR context
+  if (!sessionCookie.value || !tenantCookie.value) {
     if (!silentRoutes.includes(to.path)) {
       authMessage.value = 'Please login to access this page'
     }