The frontend is a NextJS app using Mantine for the UI.
The app uses Iron Session for the encrypted session store (cookie storage).
Since both the frontend and backend use the same config, both are able to read and modify the session.
Access control on the frontend is handled by NextJS middleware. Here is the backend login method