Session-Handling: Store JWT in cookie, not in local storage

[andreas-hellmann]

If JWT is placed in cookie, it's easier to load resources (e.g. avatars) by browser means.
Don't forget to activate CSRF in angular.