- Review UserSession implementation
- Review auth middleware
- Understand current auth flow
- Add default test user ("alice") to auth middleware
- Make auth optional for testing (fallback to default user)
- Add logging to show which user is being used
- Build successful
- Test cart operations without authentication headers
- Verify default user is used
- Test with explicit user ID to ensure override works