diff --git a/server/server.js b/server/server.js
index bb68692..94a8f06 100644
--- a/server/server.js
+++ b/server/server.js
@@ -56,8 +56,8 @@ app.use(cors({
 app.use(express.json());
 app.use(session({
 secret: process.env.SESSION_SECRET || 'your-secret-key-change-this',
- resave: true,
- saveUninitialized: false,
+ resave: false,
+ saveUninitialized: true,
 rolling: true,
 cookie: {
 secure: process.env.NODE_ENV === 'production',
@@ -117,10 +117,20 @@ app.get('/auth/steam/return',
 console.log('Request host:', req.get('host'));
 console.log('Request headers:', req.headers);
 console.log('Response will set cookie for domain:', req.get('host'));
- // In production, redirect to root since frontend and backend are on same domain
- const redirectUrl = process.env.NODE_ENV === 'production' ? '/' : FRONTEND_URL;
- console.log('Redirecting to:', redirectUrl);
- res.redirect(redirectUrl);
+
+ // Explicitly save the session before redirecting
+ req.session.save((err) => {
+ if (err) {
+ console.error('Session save error:', err);
+ return res.redirect('/');
+ }
+ console.log('Session saved successfully');
+
+ // In production, redirect to root since frontend and backend are on same domain
+ const redirectUrl = process.env.NODE_ENV === 'production' ? '/' : FRONTEND_URL;
+ console.log('Redirecting to:', redirectUrl);
+ res.redirect(redirectUrl);
+ });
 }
 );
 
@@ -147,6 +157,17 @@ app.get('/auth/user', (req, res) => {
 }
 });
 
+// Debug endpoint to test cookies
+app.get('/debug/cookies', (req, res) => {
+ res.json({
+ sessionID: req.sessionID,
+ cookies: req.headers.cookie,
+ session: req.session,
+ isAuthenticated: req.isAuthenticated(),
+ user: req.user
+ });
+});
+
 // Vote submission endpoint
 app.post('/api/submit-vote', async (req, res) => {
 if (!req.isAuthenticated()) {
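Review bot: In the session options hunk (@@ -56,8), `saveUninitialized: true` makes the server create and store a session, and send a session cookie, for every client that touches the app, including anonymous requests and crawlers. That grows the session store without bound and gives every visitor a pre-login session ID. The explicit `req.session.save()` this commit adds in the Steam return handler already covers the lost-session-on-redirect case, so I would keep `saveUninitialized: false,` and change only `resave`. Separately, the unchanged `secret` line still falls back to a hard-coded string when `SESSION_SECRET` is unset; failing at startup in production would be safer. The options object continues outside the hunk.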
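Review bot: In the `/auth/steam/return` hunk (@@ -117,10), the new callback persists the session under whatever ID the browser presented before login; nothing visible here issues a fresh ID once authentication succeeds. With sessions now created for anonymous visitors, that leaves a session-fixation window unless the auth middleware already regenerates the session on login (it looks like Passport from `req.isAuthenticated()`, but the version is not visible, so this needs confirming). If it does not, call `req.session.regenerate()` and re-attach the user before `req.session.save()`. The error branch also redirects to `'/'` even outside production, so a failed save looks like a silent logout; a 500 response or an error query parameter would make it diagnosable. The handler begins outside the hunk, and the context line `console.log('Request headers:', req.headers);` writes the Cookie header to the logs.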
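Review bot: The new `/debug/cookies` route (@@ -147,6) is registered unconditionally and has no authentication check, yet it returns `req.sessionID`, the raw `Cookie` header and the whole session object as JSON. That makes the session identifier readable by any script running on the origin, which defeats an HttpOnly cookie, and by any cross-origin caller the CORS configuration allows with credentials. If the route is needed at all, register it only outside production, e.g. `if (process.env.NODE_ENV !== 'production') { app.get('/debug/cookies', ...) }`, and trim the response to `isAuthenticated` plus a boolean such as `hasSessionCookie: Boolean(req.headers.cookie)`. Otherwise drop it before merging.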