Test login, refresh token, and logout with HttpOnly cookie mode.
In cookie mode, refresh token is read from HttpOnly cookie automatically.
Clears HttpOnly cookie on server.
USE_REFRESH_TOKEN_COOKIE=true in server .envCOOKIE_SECURE=true for production (requires HTTPS)
COOKIE_DOMAIN=.yourdomain.com for subdomain sharing