- Fix login loop: secure cookie detection now uses x-forwarded-proto/origin
headers to correctly identify HTTPS requests through Tailscale Funnel
- Add credentials: include to login/register fetch calls
- Verify session after login/registration before redirecting to prevent race conditions
- Fix repeated medication reminders: isDue() now matches exact minute instead of
5-minute tolerance window, preventing duplicate notifications when sender runs
every minute
- Add tests for cookie security and notification scheduling
- Extract isDue() to separate module for better testability
