This replaces the current implementation
where a bearer header holds the auth-token.
Now the same token is being sent using a cookie instead.
This greatly simplifies fetching resources (images and video),
since the header is sent along implicitly with each request.