From 08981200ebc26c5ad48338941d75113657dd2ac6 Mon Sep 17 00:00:00 2001
From: ethanf
Date: Thu, 14 Aug 2025 15:58:28 -0500
Subject: [PATCH] fix: remove domain setting from session cookie and enhance logging for authentication
---
 server/server.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/server/server.js b/server/server.js
index ed6fc54..bb68692 100644
--- a/server/server.js
+++ b/server/server.js
@@ -63,8 +63,7 @@ app.use(session({
 secure: process.env.NODE_ENV === 'production',
 maxAge: 24 * 60 * 60 * 1000, // 24 hours
 httpOnly: true,
- sameSite: process.env.NODE_ENV === 'production' ? 'lax' : 'lax',
- domain: process.env.NODE_ENV === 'production' ? new URL(PRODUCTION_DOMAIN).hostname : undefined
+ sameSite: process.env.NODE_ENV === 'production' ? 'lax' : 'lax'
 },
 name: 's22poll.sid'
 }));
@@ -115,6 +114,9 @@ app.get('/auth/steam/return',
 console.log('User authenticated:', req.user);
 console.log('Session ID:', req.sessionID);
 console.log('Session:', req.session);
+ console.log('Request host:', req.get('host'));
+ console.log('Request headers:', req.headers);
+ console.log('Response will set cookie for domain:', req.get('host'));
 // In production, redirect to root since frontend and backend are on same domain
 const redirectUrl = process.env.NODE_ENV === 'production' ? '/' : FRONTEND_URL;
 console.log('Redirecting to:', redirectUrl);
@@ -136,6 +138,8 @@ app.get('/auth/user', (req, res) => {
 console.log('Auth check - Is authenticated:', req.isAuthenticated());
 console.log('Auth check - User:', req.user);
 console.log('Auth check - Session:', req.session);
+ console.log('Auth check - Request host:', req.get('host'));
+ console.log('Auth check - Cookies:', req.headers.cookie);
 if (req.isAuthenticated()) {
 res.json({ user: req.user });
 } else {
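Review bot: The `sameSite` line kept in the session-cookie hunk is a ternary whose two branches are both `'lax'`, so the environment check does nothing and reads as if production and development differed; `sameSite: 'lax'` says the same thing. Dropping `domain` makes `s22poll.sid` a host-only cookie, which is the narrower scope and fine as long as the app is served from a single hostname. Because `secure` is true in production, express-session only sets the cookie on a connection Express considers HTTPS, so behind a TLS-terminating proxy this also needs `app.set('trust proxy', 1)`. Whether that is configured is not visible here, since the `app.use(session({` call starts outside the hunk.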
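Review bot: `console.log('Request headers:', req.headers)` in the `/auth/steam/return` hunk writes the whole header set to the log, including any `Cookie` header carrying `s22poll.sid`, and the `/auth/user` hunk does the same with `console.log('Auth check - Cookies:', req.headers.cookie)` on every auth check. Anyone with read access to the logs then holds values that identify live sessions. Log only what the cookie investigation needs, for example `console.log('Request host:', req.get('host'), 'proto:', req.protocol);` and `console.log('Auth check - has session cookie:', Boolean(req.headers.cookie?.includes('s22poll.sid')));`, and keep these lines behind a debug switch. The 'Response will set cookie for domain:' message prints the client-supplied Host header rather than anything the server decided, so it should be reworded or dropped. Both route handlers start and end outside their hunks.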