Remove session-based authentication (express-session, cookies, Redis, Passport sessions) #4
Description
Goal
Completely eliminate session dependencies and ensure backend runs fully stateless.
Scope
Search & remove from:
- server bootstrap
- middleware config
- auth controllers
- config files
- references in comments
Requirements
Remove:
- express-session
- Passport session logic
- Cookie-based auth
- Redis/session store configs
- Session validation helpers
- Any docs referencing sessions
Ensure app boots cleanly.
Acceptance Criteria (Checklist)
- No express-session import anywhere
- No cookie auth references
- No session middleware configured
- No unused session environment variables
- App boots without warnings
- Auth still works using JWT
Cleanup Expectations
- Remove dead code
- Remove unused dependencies
- Update README if needed
Proof Required (attach in PR)
- Before/after diff screenshot
- Screenshot of server boot logs
- Confirmation note: “Sessions fully removed”
PR Notes
- Carefully verify no hidden session remnants
- Leave comment explaining changes for future devs