Operations control access is restricted to allowlisted Google accounts.
Sessions are server-side in Redis with signed cookies and CSRF protection.