From dbdb455772962fca20ddd3dac81f61dcc5e5680b Mon Sep 17 00:00:00 2001
From: Ryderjj89
Date: Sat, 13 Sep 2025 17:16:22 -0400
Subject: [PATCH] Fix session cookie configuration and add debugging for authentication issues
---
 backend/src/auth.js | 11 +++++++++--
 backend/src/index.js | 5 ++++-
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/backend/src/auth.js b/backend/src/auth.js
index 7ad050ed..43aac86c 100644
--- a/backend/src/auth.js
+++ b/backend/src/auth.js
@@ -47,8 +47,10 @@ function configureAuth(app) {
 resave: false,
 saveUninitialized: false,
 cookie: {
- secure: process.env.NODE_ENV === 'production',
- maxAge: 24 * 60 * 60 * 1000 // 24 hours
+ secure: false, // Set to false for development/HTTP
+ httpOnly: true,
+ maxAge: 24 * 60 * 60 * 1000, // 24 hours
+ sameSite: 'lax'
 }
 }));
 
@@ -121,6 +123,11 @@ function configureAuth(app) {
 
 // Get current user
 app.get('/auth/user', (req, res) => {
+ console.log('Auth check - Session ID:', req.sessionID);
+ console.log('Auth check - Is authenticated:', req.isAuthenticated());
+ console.log('Auth check - User:', req.user);
+ console.log('Auth check - Session:', req.session);
+
 if (req.isAuthenticated()) {
 res.json({
 user: {
diff --git a/backend/src/index.js b/backend/src/index.js
index 01ae70a0..a9da475b 100644
--- a/backend/src/index.js
+++ b/backend/src/index.js
@@ -18,7 +18,10 @@ app.use(helmet({
 }));
 app.use(cors({
 origin: process.env.FRONTEND_URL || true,
- credentials: true
+ credentials: true,
+ methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+ allowedHeaders: ['Content-Type', 'Authorization', 'Cookie'],
+ exposedHeaders: ['Set-Cookie']
 }));
 
 app.use(express.json());
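Review bot: `secure: false` in the `cookie` block is now unconditional, so the session cookie is also issued and sent over plain HTTP in production, which the removed `NODE_ENV` check prevented. If the login failure came from running behind a TLS-terminating proxy (an assumption; the hunk does not show the deployment), the usual fix is to keep `secure: process.env.NODE_ENV === 'production',` and add `app.set('trust proxy', 1);` before the session middleware, or to use express-session's `secure: 'auto'`. The comment `// Set to false for development/HTTP` describes a development setting, but nothing in the hunk limits it to development. `configureAuth` starts and ends outside the hunk.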
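Review bot: The four `console.log` calls added at the top of the `/auth/user` handler write `req.sessionID`, `req.user` and the whole `req.session` object to the process log on every auth check. That puts a session identifier and user profile data into whatever file or aggregator collects stdout, usually with weaker access control than the session store. If the diagnostics must stay, gate them behind an opt-in flag and log only the boolean, for example `if (process.env.AUTH_DEBUG === 'true') console.log('Auth check - authenticated:', req.isAuthenticated());` (the variable name is a placeholder). The handler body continues outside the hunk.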
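Review bot: The added `'Cookie'` entry in `allowedHeaders` and the `exposedHeaders: ['Set-Cookie']` line have no effect, because browsers treat both as forbidden header names that page scripts can neither set nor read. They can be dropped, leaving `allowedHeaders: ['Content-Type', 'Authorization'],`. The context line `origin: process.env.FRONTEND_URL || true` matters more: with the `cors` package, `true` reflects the requesting origin, so with `credentials: true` and the now explicit `PUT`/`DELETE` methods, an unset `FRONTEND_URL` leaves the cookie's `sameSite: 'lax'` as the only barrier to cross-site credentialed calls. `origin: process.env.FRONTEND_URL || false,` would fail closed instead.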