fix #12: extract session token before dot (Better Auth signed cookie)

Better Auth cookie format is 'token.signature' but DB only stores the
token portion. Split on '.' to extract the actual session token.

src/app/api/compare/route.ts

@@ -30,7 +30,7 @@ export async function POST(request: Request) {
     .split(";")
     .map((c) => c.trim())
     .find((c) => c.startsWith("__Secure-better-auth.session_token=") || c.startsWith("better-auth.session_token="));
-  const token = cookieMatch?.split("=")?.slice(1)?.join("=")?.trim();
+  const token = cookieMatch?.split("=")?.slice(1)?.join("=")?.trim().split(".")[0];
 
   if (!token) {
     return Response.json({ error: "Authentication required" }, { status: 401 });

src/app/api/user/comparisons/route.ts

@@ -11,7 +11,7 @@ export async function GET(request: Request) {
     .split(";")
     .map((c) => c.trim())
     .find((c) => c.startsWith("__Secure-better-auth.session_token=") || c.startsWith("better-auth.session_token="));
-  const token = cookieMatch?.split("=")?.slice(1)?.join("=")?.trim();
+  const token = cookieMatch?.split("=")?.slice(1)?.join("=")?.trim().split(".")[0];
   if (!token) {
     return Response.json({ error: "Unauthorized" }, { status: 401 });
   }

src/app/api/user/stats/route.ts

@@ -11,7 +11,7 @@ export async function GET() {
     .split(";")
     .map((c) => c.trim())
     .find((c) => c.startsWith("__Secure-better-auth.session_token=") || c.startsWith("better-auth.session_token="));
-  const token = cookieMatch?.split("=")?.slice(1)?.join("=")?.trim();
+  const token = cookieMatch?.split("=")?.slice(1)?.join("=")?.trim().split(".")[0];
   if (!token) {
     return Response.json({ error: "Unauthorized" }, { status: 401 });
   }