After logout, the old auth.token and selectedCompany stayed in
localStorage. On next login, the http interceptor sent the stale
token in the Authorization header, causing all API calls to fail
with 401/419 even though the new session was valid.
After logout invalidates the session, the SPA still holds the old CSRF
cookie. Subsequent login attempts succeed but bootstrap/API calls fail
with CSRF mismatch, causing redirect back to login. Fix: fetch a fresh
CSRF cookie via /sanctum/csrf-cookie after logout completes.
Migrate all 37 store definitions from the deprecated object-with-id
signature to the string-id-first signature required by Pinia 3:
defineStore({ id: 'name', ... }) → defineStore('name', { ... })
* refactor: add HTTP client wrapper and upgrade axios to v1
Introduce a thin HTTP wrapper (resources/scripts/http) that centralizes
axios configuration, interceptors, and auth header injection. All 43
files now import from the wrapper instead of axios directly, making
future library swaps a single-file change. Upgrade axios from 0.30.0
to 1.14.0.
* fix: restore window.Ls assignment removed during axios refactor
company.js uses window.Ls.set() to persist selected company,
which broke after the axios plugin (that set window.Ls) was deleted.
