Hi, I am long time PHP developer here (mostly part time though, not my main occupation). I usually make application using Codeigniter (a php framework), boostrap and jquery. I think the stack is outdated as my stack is unchanged since 2014 so I am wiling to learn.
I plan to use svelte as front-end while still using PHP as backend for my next project as a first step of my learning journey. My next project is to make a new student registration site for my workplace. There are several things I am still confused:

  1. Which is better to use for my case, svelte or sveltekit?
  2. If I use just svelte, should I serve it from my php backend as static directory or use different port/subdomain for the backend?
  3. If I use different port/subdomain, how should I handle the cors and csrf protection?
  4. For Authentication and/or authorization, is it safe using php session as usual or I need to use JWT, OAuth or something like that?

any help/advice is appreciated. Thanks. :)