// ─────────────────────────────────────────────────────────────
// protected/mobile/mobile.js — minimal client for the mobile view.
//
// One behaviour, nothing else:
//   1. Confirm the session is still valid on page load. If the
//      session expired since the server rendered the HTML, bounce
//      to "/" so the user doesn't read gated content without a
//      session cookie (defensive — requireAuth already gates the
//      page request itself).
//
// The customer-facing deck ends on the implementation roadmap; there
// is no "Join" CTA on this view (matching the desktop view), so no
// POST to /api/bifrost-join.
//
// There is no logout button on the mobile view; the masthead is
// logo-only by design. Users who want to log out can do so from a
// desktop session, or by clearing cookies.
//
// No GSAP, no Lenis, no d3. No sharing of globals with the desktop
// timeline/bifrost scripts — this file is only loaded by
// protected/mobile/index.html and never by the desktop view.
// ─────────────────────────────────────────────────────────────

(async function checkSession() {
  try {
    const res = await fetch('/auth/me', { credentials: 'same-origin' });
    if (!res.ok) {
      window.location.href = '/';
    }
  } catch {
    // Network error — do not boot the user out; desktop behaviour is
    // the same. If the next action actually needs the server, we'll
    // surface the error there.
  }
})();