Merge branch 'fix/frontend-staff-session-auth' into develop

frontend/src/app/pages/check-in-placeholder-page.component.ts

@@ -170,7 +170,7 @@ type BarcodeDetectorConstructor = new (options?: { formats?: string[] }) => Barc
             <p class="error-message" aria-live="assertive">This reservation is already checked in.</p>
           }
           @if (state() === 'unauthorized') {
-            <p class="error-message" aria-live="assertive">You are not authorized. Staff login is required.</p>
+            <p class="error-message" aria-live="assertive">You are not authorized. Log into <code>/admin</code> with a staff account, then retry this check-in.</p>
           }
           @if (state() === 'error') {
             <p class="error-message" aria-live="assertive">Something went wrong. Please try again.</p>

frontend/src/app/services/shows-api.service.ts

@@ -115,10 +115,18 @@ export class ShowsApiService {
   }
 
   previewCheckIn(token: string): Observable<CheckInPreviewResponse> {
-    return this.http.post<CheckInPreviewResponse>(`${this.apiBaseUrl}/check-ins/preview/`, { token });
+    return this.http.post<CheckInPreviewResponse>(
+      `${this.apiBaseUrl}/check-ins/preview/`,
+      { token },
+      { withCredentials: true },
+    );
   }
 
   confirmCheckIn(token: string): Observable<CheckInConfirmResponse> {
-    return this.http.post<CheckInConfirmResponse>(`${this.apiBaseUrl}/check-ins/confirm/`, { token });
+    return this.http.post<CheckInConfirmResponse>(
+      `${this.apiBaseUrl}/check-ins/confirm/`,
+      { token },
+      { withCredentials: true },
+    );
   }
 }