Improve login reliability and session handling for users

Fix issues with cookie transmission in login requests and ensure server-side session data is saved correctly before sending responses to the client. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 279f1558-c0e3-40e4-8217-be7e9f4c6eca Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: ee5f230c-b996-4772-97e8-0ca1e17a02f6 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/b984cb14-1d19-4944-922b-bc79e821ed35/279f1558-c0e3-40e4-8217-be7e9f4c6eca/xBCID6C Replit-Helium-Checkpoint-Created: true
2026-04-18 14:27:20 +00:00 · 2025-12-16 00:24:51 +00:00 · 2025-12-16 00:24:51 +00:00 · d9c9eb8864
commit d9c9eb8864
parent d3948360c4
2 changed files with 17 additions and 10 deletions
--- a/client/src/lib/auth.tsx
+++ b/client/src/lib/auth.tsx
@ -24,7 +24,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
  const { data: session, isLoading } = useQuery({
    queryKey: ["session"],
    queryFn: async () => {
-      const res = await fetch("/api/auth/session");
+      const res = await fetch("/api/auth/session", { credentials: "include" });
      return res.json();
    },
  });
@ -34,6 +34,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
      const res = await fetch("/api/auth/login", {
        method: "POST",
        headers: { "Content-Type": "application/json" },
+        credentials: "include",
        body: JSON.stringify({ username, password }),
      });
      if (!res.ok) {
@ -49,7 +50,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
  
  const logoutMutation = useMutation({
    mutationFn: async () => {
-      await fetch("/api/auth/logout", { method: "POST" });
+      await fetch("/api/auth/logout", { method: "POST", credentials: "include" });
    },
    onSuccess: () => {
      queryClient.invalidateQueries({ queryKey: ["session"] });
--- a/server/routes.ts
+++ b/server/routes.ts
@ -98,14 +98,20 @@ export async function registerRoutes(
        req.session.isAdmin = user.is_admin ?? false;
        req.session.token = token;
        
-        res.json({ 
-          success: true, 
-          token,
-          user: { 
-            id: user.id, 
-            username: user.username, 
-            isAdmin: user.is_admin 
-          } 
+        req.session.save((saveErr) => {
+          if (saveErr) {
+            return res.status(500).json({ error: "Session save error" });
+          }
+          
+          res.json({ 
+            success: true, 
+            token,
+            user: { 
+              id: user.id, 
+              username: user.username, 
+              isAdmin: user.is_admin 
+            } 
+          });
        });
      });
    } catch (err: any) {