diff --git a/server/server.js b/server/server.js
index fd23aea..a7c7835 100644
--- a/server/server.js
+++ b/server/server.js
@@ -44,9 +44,12 @@ async function saveVotes(votes) {
 // Middleware
 app.use(cors({
   origin: process.env.NODE_ENV === 'production' 
-    ? [process.env.FRONTEND_URL, process.env.DOMAIN] 
+    ? ['https://s22.ethanf.gg'] 
     : FRONTEND_URL,
-  credentials: true
+  credentials: true,
+  methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+  allowedHeaders: ['Content-Type', 'Authorization', 'Cookie'],
+  exposedHeaders: ['Set-Cookie']
 }));
 
 app.use(express.json());
@@ -68,6 +71,18 @@ app.use(session({
 app.use(passport.initialize());
 app.use(passport.session());
 
+// Add debugging middleware to track sessions
+app.use((req, res, next) => {
+  console.log(`${new Date().toISOString()} - ${req.method} ${req.url}`);
+  console.log('Session ID:', req.sessionID);
+  console.log('Session data:', req.session);
+  console.log('User authenticated:', req.isAuthenticated());
+  console.log('User data:', req.user);
+  console.log('Cookie header:', req.headers.cookie);
+  console.log('---');
+  next();
+});
+
 // Serve static files from React build in production
 if (process.env.NODE_ENV === 'production') {
   app.use(express.static(path.join(__dirname, '../dist')));
@@ -102,6 +117,20 @@ passport.deserializeUser((user, done) => {
   done(null, user);
 });
 
+// Session debug endpoint
+app.get('/debug/session', (req, res) => {
+  res.json({
+    sessionID: req.sessionID,
+    isAuthenticated: req.isAuthenticated(),
+    user: req.user,
+    session: req.session,
+    cookies: req.headers.cookie,
+    secure: req.secure,
+    protocol: req.protocol,
+    host: req.get('host')
+  });
+});
+
 // Routes
 app.get('/auth/steam', passport.authenticate('steam'));