Protected sessions
Firebase ID tokens are exchanged for secure HTTP-only session cookies so the admin area can be guarded server-side.
This starter includes Firebase email/password authentication, protected admin access, Firestore-backed user data, and a modern App Router UI you can keep building on.
Firebase ID tokens are exchanged for secure HTTP-only session cookies so the admin area can be guarded server-side.
Every signup creates a profile document and each login updates activity metadata for the dashboard.
Grant dashboard access by listing approved admin emails in your environment configuration.