From 5b00d838470cb577bdfafd8cdad42a0cbb7e7b6f Mon Sep 17 00:00:00 2001
From: Chamika J <75464293+chamikaJ@users.noreply.github.com>
Date: Wed, 6 Aug 2025 10:35:35 +0530
Subject: [PATCH] feat(auth): enhance session handling and response logging in authentication

- Improved session management by ensuring the session is saved before sending the response in the `AuthController`.
- Added detailed logging for session save operations and included the session ID in the response for better debugging.
- Updated session middleware configuration to enhance security and support mobile applications, including adjustments to cookie settings based on the production environment.
---
 .../src/controllers/auth-controller.ts | 21 ++++++++++++++-----
 .../src/middlewares/session-middleware.ts | 20 ++++++++++++------
 2 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/worklenz-backend/src/controllers/auth-controller.ts b/worklenz-backend/src/controllers/auth-controller.ts
index c86dfe5a..2b36fd60 100644
--- a/worklenz-backend/src/controllers/auth-controller.ts
+++ b/worklenz-backend/src/controllers/auth-controller.ts
@@ -259,11 +259,22 @@ export default class AuthController extends WorklenzControllerBase {
 user.build_v = FileConstants.getRelease();
 
 console.log("Sending response...");
-return res.status(200).send({
-done: true,
-message: "Login successful",
-user,
-authenticated: true
+console.log("Response headers before send:", res.getHeaders());
+
+// Ensure session is saved before sending response
+req.session.save((saveErr) => {
+if (saveErr) {
+console.log("Session save error:", saveErr);
+}
+console.log("Session saved, cookie header:", res.getHeader('set-cookie'));
+
+return res.status(200).send({
+done: true,
+message: "Login successful",
+user,
+authenticated: true,
+sessionId: req.sessionID // Include for debugging
+});
 });
 });
 })(req, res, next);
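Review bot: The added `sessionId: req.sessionID // Include for debugging` in the response body, together with `console.log("Session saved, cookie header:", res.getHeader('set-cookie'))`, hands the session identifier to client-side script and writes it into application logs, which undoes the protection the cookie's httpOnly flag is meant to provide; debugging output should never carry the session token, so both lines should be removed before this ships. The `saveErr` branch only logs and then falls through to the 200 `authenticated: true` response, so a client can be told it is logged in while no session was persisted; change it to `if (saveErr) { return next(saveErr); }` (or an explicit error response) so the failure is surfaced. The `console.log("Response headers before send:", res.getHeaders())` line is similarly verbose for production and should be gated behind a debug flag or dropped. The enclosing passport callback and request handler begin before this hunk.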
diff --git a/worklenz-backend/src/middlewares/session-middleware.ts b/worklenz-backend/src/middlewares/session-middleware.ts
index cb6cd624..90b800a3 100644
--- a/worklenz-backend/src/middlewares/session-middleware.ts
+++ b/worklenz-backend/src/middlewares/session-middleware.ts
@@ -5,7 +5,7 @@ import { isProduction } from "../shared/utils";
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const pgSession = require("connect-pg-simple")(session);
 
-export default session({
+const sessionConfig = {
 name: process.env.SESSION_NAME,
 secret: process.env.SESSION_SECRET || "development-secret-key",
 proxy: false,
@@ -18,10 +18,18 @@ export default session({
 }),
 cookie: {
 path: "/",
-// secure: isProduction(),
-// httpOnly: isProduction(),
-// sameSite: "none",
-// domain: isProduction() ? ".worklenz.com" : undefined,
+httpOnly: true,
+// For mobile app support, we might need these settings:
+sameSite: isProduction() ? "none" as const : "lax" as const,
+secure: isProduction(), // Required when sameSite is "none"
+domain: isProduction() ? ".worklenz.com" : undefined,
 maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days
 }
-});
\ No newline at end of file
+};
+
+console.log("Session configuration:", {
+...sessionConfig,
+secret: "[REDACTED]"
+});
+
+export default session(sessionConfig);
\ No newline at end of file
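Review bot: `sameSite: isProduction() ? "none" as const : "lax" as const` makes the production session cookie attach to cross-site requests, dropping the Lax behaviour browsers applied while the attribute was commented out, so any state-changing endpoint that relies on the session alone becomes reachable from third-party origins unless a CSRF token check exists elsewhere (not visible here); `domain: isProduction() ? ".worklenz.com" : undefined` additionally shares that cookie with every subdomain. If `"none"` is genuinely required for the mobile client, pair it with a CSRF defence; otherwise `sameSite: "lax" as const` with `secure: isProduction()` is the safer baseline. `secure: isProduction()` combined with the unchanged `proxy: false` in the first hunk means express-session will not set the cookie when TLS is terminated by a reverse proxy, because `req.secure` is then false; `proxy: true` (or the app-level trust-proxy setting) is needed in that deployment. The new `console.log("Session configuration:", …)` redacts `secret` but spreads the whole config, including the `store` instance, into the log — if that object carries the database connection settings they will be printed too, so log only the `cookie` block.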