diff --git a/src/routes/admin/albums/+page.svelte b/src/routes/admin/albums/+page.svelte
index c33bd0d..bff9b04 100644
--- a/src/routes/admin/albums/+page.svelte
+++ b/src/routes/admin/albums/+page.svelte
@@ -85,14 +85,8 @@
 async function loadAlbums() {
 try {
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- goto('/admin/login')
- return
- }
-
 const response = await fetch('/api/albums', {
- headers: { Authorization: `Basic ${auth}` }
+ credentials: 'same-origin'
 })
 if (!response.ok) {
@@ -200,20 +194,21 @@
 const album = event.detail.album
 try {
- const auth = localStorage.getItem('admin_auth')
 const newStatus = album.status === 'published' ? 'draft' : 'published'
 const response = await fetch(`/api/albums/${album.id}`, {
 method: 'PATCH',
 headers: {
- 'Content-Type': 'application/json',
- Authorization: `Basic ${auth}`
+ 'Content-Type': 'application/json'
 },
- body: JSON.stringify({ status: newStatus })
+ body: JSON.stringify({ status: newStatus }),
+ credentials: 'same-origin'
 })
 if (response.ok) {
 await loadAlbums()
+ } else if (response.status === 401) {
+ goto('/admin/login')
 }
 } catch (err) {
 console.error('Failed to update album status:', err)
@@ -231,15 +226,15 @@
 if (!albumToDelete) return
 try {
- const auth = localStorage.getItem('admin_auth')
-
 const response = await fetch(`/api/albums/${albumToDelete.id}`, {
 method: 'DELETE',
- headers: { Authorization: `Basic ${auth}` }
+ credentials: 'same-origin'
 })
 if (response.ok) {
 await loadAlbums()
+ } else if (response.status === 401) {
+ goto('/admin/login')
 } else {
 const errorData = await response.json()
 error = errorData.error || 'Failed to delete album'
diff --git a/src/routes/admin/albums/[id]/edit/+page.svelte b/src/routes/admin/albums/[id]/edit/+page.svelte
index 6a7ede5..706943e 100644
--- a/src/routes/admin/albums/[id]/edit/+page.svelte
+++ b/src/routes/admin/albums/[id]/edit/+page.svelte
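Review bot: After `if (!response.ok) {` in the loadAlbums hunk there is no `response.status === 401` branch, unlike the PATCH and DELETE handlers in the same file, so with the localStorage pre-check gone an unauthenticated visit to this page surfaces a generic load error instead of redirecting to /admin/login as the removed code did; loadAlbums continues outside the hunk, so this holds unless the redirect sits further down. The same gap exists in the upload page's `/api/media/upload` hunk, where an expired session now fails every file with the generic error and the page no longer redirects on mount. Adding `if (response.status === 401) {` / `goto('/admin/login')` / `return` inside the `!response.ok` block, as the edit-page hunk does, would restore the old behaviour in both places.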
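Review bot: The removed `localStorage.getItem('admin_auth')` line in the PATCH hunk, and its siblings across the diff, stop reading the stored Basic credentials, but nothing in the diff clears them, so the base64 username:password pair from the old scheme stays in every existing admin's localStorage, readable by any script that runs on the origin. A single `localStorage.removeItem('admin_auth')` on the login success path or in a shared admin layout would retire it; those files are outside this diff. Separately, the new `else if (response.status === 401)` branch is the only non-ok outcome handled here, so a 403 or 500 still leaves the status toggle silently unchanged while the DELETE hunk below sets `error`; a final `else` with the same `error = ...` assignment would make the two handlers consistent.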
@@ -17,17 +17,15 @@
 async function loadAlbum() {
 try {
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- goto('/admin/login')
- return
- }
-
 const response = await fetch(`/api/albums/${albumId}`, {
- headers: { Authorization: `Basic ${auth}` }
+ credentials: 'same-origin'
 })
 if (!response.ok) {
+ if (response.status === 401) {
+ goto('/admin/login')
+ return
+ }
 throw new Error('Failed to load album')
 }
diff --git a/src/routes/admin/media/audit/+page.svelte b/src/routes/admin/media/audit/+page.svelte
index 5ce9df1..39a898d 100644
--- a/src/routes/admin/media/audit/+page.svelte
+++ b/src/routes/admin/media/audit/+page.svelte
@@ -66,19 +66,14 @@
 selectedFiles.clear()
 try {
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- error = 'Not authenticated'
- loading = false
- return
- }
-
 const response = await fetch('/api/admin/cloudinary-audit', {
- headers: {
- Authorization: `Basic ${auth}`
- }
+ credentials: 'same-origin'
 })
 if (!response.ok) {
+ if (response.status === 401) {
+ goto('/admin/login')
+ return
+ }
 throw new Error('Failed to fetch audit data')
 }
 auditData = await response.json()
@@ -119,26 +114,23 @@
 deleteResults = null
 try {
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- error = 'Not authenticated'
- deleting = false
- return
- }
-
 const response = await fetch('/api/admin/cloudinary-audit', {
 method: 'DELETE',
 headers: {
- 'Content-Type': 'application/json',
- Authorization: `Basic ${auth}`
+ 'Content-Type': 'application/json'
 },
 body: JSON.stringify({
 publicIds: Array.from(selectedFiles),
 dryRun
- })
+ }),
+ credentials: 'same-origin'
 })
 if (!response.ok) {
+ if (response.status === 401) {
+ goto('/admin/login')
+ return
+ }
 throw new Error('Failed to delete files')
 }
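Review bot: The new `goto('/admin/login')` branches in the audit page (this `@@ -66` hunk, the DELETE hunk at `@@ -119`, and the PATCH hunk at `@@ -175`) call `goto`, yet the removed code in this file only ever set `error = 'Not authenticated'` and no hunk in the diff adds `import { goto } from '$app/navigation'` to it; if that import is not already near the top of the file, the 401 path throws a ReferenceError that the surrounding catch will report as a generic failure. Also, the removed lines reset `loading = false` (and `deleting` / `cleaningUp` in the other two hunks) before returning, whereas the new early `return` does not; if there is no `finally` that clears those flags, a redirect that does not complete leaves the UI stuck in its busy state, and keeping `loading = false` before `goto(...)` would preserve the old behaviour.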
@@ -175,25 +167,22 @@
 cleanupResults = null
 try {
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- error = 'Not authenticated'
- cleaningUp = false
- return
- }
-
 const response = await fetch('/api/admin/cloudinary-audit', {
 method: 'PATCH',
 headers: {
- 'Content-Type': 'application/json',
- Authorization: `Basic ${auth}`
+ 'Content-Type': 'application/json'
 },
 body: JSON.stringify({
 publicIds: auditData.missingReferences
- })
+ }),
+ credentials: 'same-origin'
 })
 if (!response.ok) {
+ if (response.status === 401) {
+ goto('/admin/login')
+ return
+ }
 throw new Error('Failed to clean up broken references')
 }
diff --git a/src/routes/admin/media/regenerate/+page.svelte b/src/routes/admin/media/regenerate/+page.svelte
index 1a515d8..c1562ed 100644
--- a/src/routes/admin/media/regenerate/+page.svelte
+++ b/src/routes/admin/media/regenerate/+page.svelte
@@ -40,27 +40,20 @@
 } | null>(null)
 onMount(() => {
- // Check authentication
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- goto('/admin/login')
- } else {
- fetchMediaStats()
- }
+ fetchMediaStats()
 })
 async function fetchMediaStats() {
 try {
- const auth = localStorage.getItem('admin_auth')
- if (!auth) return
-
 const response = await fetch('/api/admin/media-stats', {
- headers: {
- Authorization: `Basic ${auth}`
- }
+ credentials: 'same-origin'
 })
 if (!response.ok) {
+ if (response.status === 401) {
+ goto('/admin/login')
+ return
+ }
 throw new Error('Failed to fetch media stats')
 }
@@ -76,20 +69,16 @@
 colorExtractionResults = null
 try {
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- error = 'Not authenticated'
- return
- }
-
 const response = await fetch('/api/admin/cloudinary-extract-colors', {
 method: 'POST',
- headers: {
- Authorization: `Basic ${auth}`
- }
+ credentials: 'same-origin'
 })
 if (!response.ok) {
+ if (response.status === 401) {
+ goto('/admin/login')
+ return
+ }
 throw new Error('Failed to extract colors')
 }
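Review bot: The `fetch('/api/admin/cloudinary-extract-colors', { method: 'POST', credentials: 'same-origin' })` in the `@@ -76` hunk, like the regenerate-thumbnails and reanalyze-colors hunks that follow, now authenticates by cookie instead of an explicit Authorization header, and a POST with no body and no custom headers is a CORS simple request that the browser sends without a preflight. Protection against a cross-site page triggering these state-changing endpoints therefore rests on the session cookie's SameSite attribute and on any server-side Origin check; neither is visible in this diff, and as far as I recall SvelteKit's built-in origin check only applies to form content types, which these requests do not carry. Worth confirming the cookie is set with `sameSite: 'lax'` or `'strict'` plus `httpOnly` (the `cookies.set` defaults) and recording that assumption in a comment at checkAdminAuth, e.g. `// Cookie-based: relies on SameSite on the session cookie for cross-site POST protection`.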
@@ -111,20 +100,16 @@
 thumbnailResults = null
 try {
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- error = 'Not authenticated'
- return
- }
-
 const response = await fetch('/api/admin/regenerate-thumbnails', {
 method: 'POST',
- headers: {
- Authorization: `Basic ${auth}`
- }
+ credentials: 'same-origin'
 })
 if (!response.ok) {
+ if (response.status === 401) {
+ goto('/admin/login')
+ return
+ }
 throw new Error('Failed to regenerate thumbnails')
 }
@@ -146,20 +131,16 @@
 reanalysisResults = null
 try {
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- error = 'Not authenticated'
- return
- }
-
 const response = await fetch('/api/admin/reanalyze-colors', {
 method: 'POST',
- headers: {
- Authorization: `Basic ${auth}`
- }
+ credentials: 'same-origin'
 })
 if (!response.ok) {
+ if (response.status === 401) {
+ goto('/admin/login')
+ return
+ }
 throw new Error('Failed to reanalyze colors')
 }
diff --git a/src/routes/admin/media/upload/+page.svelte b/src/routes/admin/media/upload/+page.svelte
index 53b7952..f92b7ee 100644
--- a/src/routes/admin/media/upload/+page.svelte
+++ b/src/routes/admin/media/upload/+page.svelte
@@ -2,7 +2,6 @@
 import { goto } from '$app/navigation'
 import AdminPage from '$lib/components/admin/AdminPage.svelte'
 import Button from '$lib/components/admin/Button.svelte'
- import { onMount } from 'svelte'
 let files = $state([])
 let dragActive = $state(false)
@@ -12,14 +11,6 @@
 let successCount = $state(0)
 let fileInput: HTMLInputElement
- onMount(() => {
- // Check authentication
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- goto('/admin/login')
- }
- })
-
 function handleDragOver(event: DragEvent) {
 event.preventDefault()
 dragActive = true
@@ -86,13 +77,6 @@
 successCount = 0
 uploadProgress = {}
- const auth = localStorage.getItem('admin_auth')
- if (!auth) {
- uploadErrors = ['Authentication required']
- isUploading = false
- return
- }
-
 // Upload files individually to show progress
 for (const file of files) {
 try {
@@ -101,10 +85,8 @@
 const response = await fetch('/api/media/upload', {
 method: 'POST',
- headers: {
- Authorization: `Basic ${auth}`
- },
- body: formData
+ body: formData,
+ credentials: 'same-origin'
 })
 if (!response.ok) {
diff --git a/src/routes/api/media/[id]/albums/+server.ts b/src/routes/api/media/[id]/albums/+server.ts
index abb6827..e419074 100644
--- a/src/routes/api/media/[id]/albums/+server.ts
+++ b/src/routes/api/media/[id]/albums/+server.ts
@@ -7,8 +7,7 @@ export const GET: RequestHandler = async (event) => {
 const mediaId = parseInt(event.params.id)
 // Check if this is an admin request
- const authCheck = await checkAdminAuth(event)
- const isAdmin = authCheck.isAuthenticated
+ const isAdmin = checkAdminAuth(event)
 // Get all albums associated with this media item
 const albumMedia = await prisma.albumMedia.findMany({
@@ -55,8 +54,7 @@ export const GET: RequestHandler = async (event) => {
 export const PUT: RequestHandler = async (event) => {
 // Check authentication
- const authCheck = await checkAdminAuth(event)
- if (!authCheck.isAuthenticated) {
+ if (!checkAdminAuth(event)) {
 return errorResponse('Unauthorized', 401)
 }
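Review bot: `if (!checkAdminAuth(event))` in the PUT hunk now depends on the helper returning a plain boolean synchronously; should checkAdminAuth ever become async again (it was awaited before this commit), the condition would see a truthy Promise and fail open, letting the PUT through unauthenticated, and `const isAdmin = checkAdminAuth(event)` in the GET hunk above would grant the admin view the same way. The helper's declaration is outside this diff; giving it an explicit `: boolean` return type and a doc comment such as `/** Synchronous session check; must never return a Promise because callers test its truthiness directly. */` would turn that regression into a compile error. The PUT handler's body continues past the end of the hunk.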