Real auth is live
Sign in to your XP Life account.
This flow now issues a real session cookie and the habits API reads the authenticated user directly from that session instead of request headers.
What changed
- New accounts are stored in PostgreSQL with hashed passwords.
- Authenticated requests stay signed in with a persistent session cookie.
- Protected routes redirect to `/login` when there is no session.