From d9c9eb886475ca606c782ca6b394f141924eecb8 Mon Sep 17 00:00:00 2001
From: sirpiglr <49359077-sirpiglr@users.noreply.replit.com>
Date: Tue, 16 Dec 2025 00:24:51 +0000
Subject: [PATCH] Improve login reliability and session handling for users

Fix issues with cookie transmission in login requests and ensure server-side session data is saved correctly before sending responses to the client.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 279f1558-c0e3-40e4-8217-be7e9f4c6eca
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: ee5f230c-b996-4772-97e8-0ca1e17a02f6
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/b984cb14-1d19-4944-922b-bc79e821ed35/279f1558-c0e3-40e4-8217-be7e9f4c6eca/xBCID6C
Replit-Helium-Checkpoint-Created: true
---
 client/src/lib/auth.tsx | 5 +++--
 server/routes.ts | 22 ++++++++++++++--------
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/client/src/lib/auth.tsx b/client/src/lib/auth.tsx
index 682dd75..1ea6799 100644
--- a/client/src/lib/auth.tsx
+++ b/client/src/lib/auth.tsx
@@ -24,7 +24,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
 const { data: session, isLoading } = useQuery({
 queryKey: ["session"],
 queryFn: async () => {
- const res = await fetch("/api/auth/session");
+ const res = await fetch("/api/auth/session", { credentials: "include" });
 return res.json();
 },
 });
@@ -34,6 +34,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
 const res = await fetch("/api/auth/login", {
 method: "POST",
 headers: { "Content-Type": "application/json" },
+ credentials: "include",
 body: JSON.stringify({ username, password }),
 });
 if (!res.ok) {
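Review bot: The three `credentials: "include"` additions (the session query in the first hunk, the login POST in the second, the logout POST in the third) change nothing for same-origin requests, because current browsers already send cookies on relative-URL fetches under the default `same-origin` mode; if login was failing, the cause may lie in the cookie's attributes or the server setup, which this page does not show. The option only matters when the client is served from a different origin than the API, and in that case the server must answer with a specific `Access-Control-Allow-Origin` plus `Access-Control-Allow-Credentials: true`, and the cookie-authenticated POSTs need CSRF protection. I would record that dependency next to the first call: `// credentials: "include" only matters cross-origin; needs an explicit CORS origin allow-list and CSRF protection server-side`. Separately, the session query returns `res.json()` without checking `res.ok`, so an error body would be cached as the session. AuthProvider starts and ends outside these hunks.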
@@ -49,7 +50,7 @@ export function AuthProvider({ children }: { children: ReactNode }) {
 const logoutMutation = useMutation({
 mutationFn: async () => {
- await fetch("/api/auth/logout", { method: "POST" });
+ await fetch("/api/auth/logout", { method: "POST", credentials: "include" });
 },
 onSuccess: () => {
 queryClient.invalidateQueries({ queryKey: ["session"] });
diff --git a/server/routes.ts b/server/routes.ts
index 0a62dee..e4118cc 100644
--- a/server/routes.ts
+++ b/server/routes.ts
@@ -98,14 +98,20 @@ export async function registerRoutes(
 req.session.isAdmin = user.is_admin ?? false;
 req.session.token = token;
- res.json({
- success: true,
- token,
- user: {
- id: user.id,
- username: user.username,
- isAdmin: user.is_admin
- }
+ req.session.save((saveErr) => {
+ if (saveErr) {
+ return res.status(500).json({ error: "Session save error" });
+ }
+
+ res.json({
+ success: true,
+ token,
+ user: {
+ id: user.id,
+ username: user.username,
+ isAdmin: user.is_admin
+ }
+ });
 });
 });
 } catch (err: any) {
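Review bot: The logout `mutationFn` discards the fetch response, so an HTTP error from `/api/auth/logout` still resolves the mutation and `onSuccess` runs even though the server-side session may still be valid. fetch rejects only on network failure, so the status has to be checked explicitly: `const res = await fetch("/api/auth/logout", { method: "POST", credentials: "include" });` followed by `if (!res.ok) throw new Error("Logout failed");`. The `onSuccess` handler continues past the end of the hunk, so what else it clears is not visible here.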
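Review bot: Nothing in the `server/routes.ts` hunk rotates the session ID before `isAdmin` and `token` are written to `req.session`, so unless the handler calls `req.session.regenerate(...)` above the hunk (the enclosing callback opens outside it), a session ID issued before login stays valid after it, which is the session-fixation pattern. If that call is missing, wrap the assignments and the new `req.session.save(...)` call in `req.session.regenerate((regenErr) => { ... })` with the same 500 handling. The new error branch also drops `saveErr`; log it server-side before responding, e.g. `console.error("session save failed:", saveErr);` or the project's logger, so session-store failures are visible to operators while the client still gets the generic message. The response also keeps returning `token` in the JSON body alongside the session cookie, which is worth confirming is needed, since anything in the body is readable by page scripts.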