feat(auth): enhance session handling and response logging in authentication

- Improved session management by ensuring the session is saved before sending the response in the `AuthController`. - Added detailed logging for session save operations and included the session ID in the response for better debugging. - Updated session middleware configuration to enhance security and support mobile applications, including adjustments to cookie settings based on the production environment.
2025-08-06 10:35:35 +05:30
parent 8e5d55ce7d
commit 5b00d83847
2 changed files with 30 additions and 11 deletions
--- a/worklenz-backend/src/controllers/auth-controller.ts
+++ b/worklenz-backend/src/controllers/auth-controller.ts
@@ -259,11 +259,22 @@ export default class AuthController extends WorklenzControllerBase {
        user.build_v = FileConstants.getRelease();
        
        console.log("Sending response...");
+        console.log("Response headers before send:", res.getHeaders());
+        
+        // Ensure session is saved before sending response
+        req.session.save((saveErr) => {
+          if (saveErr) {
+            console.log("Session save error:", saveErr);
+          }
+          console.log("Session saved, cookie header:", res.getHeader('set-cookie'));
+          
          return res.status(200).send({
            done: true,
            message: "Login successful",
            user,
-          authenticated: true
+            authenticated: true,
+            sessionId: req.sessionID // Include for debugging
+          });
        });
      });
    })(req, res, next);
--- a/worklenz-backend/src/middlewares/session-middleware.ts
+++ b/worklenz-backend/src/middlewares/session-middleware.ts
@@ -5,7 +5,7 @@ import { isProduction } from "../shared/utils";
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const pgSession = require("connect-pg-simple")(session);

-export default session({
+const sessionConfig = {
  name: process.env.SESSION_NAME,
  secret: process.env.SESSION_SECRET || "development-secret-key",
  proxy: false,
@@ -18,10 +18,18 @@ export default session({
  }),
  cookie: {
    path: "/",
-    // secure: isProduction(),
-    // httpOnly: isProduction(),
-    // sameSite: "none",
-    // domain: isProduction() ? ".worklenz.com" : undefined,
+    httpOnly: true,
+    // For mobile app support, we might need these settings:
+    sameSite: isProduction() ? "none" as const : "lax" as const,
+    secure: isProduction(), // Required when sameSite is "none"
+    domain: isProduction() ? ".worklenz.com" : undefined,
    maxAge: 30 * 24 * 60 * 60 * 1000 // 30 days
  }
+};
+
+console.log("Session configuration:", {
+  ...sessionConfig,
+  secret: "[REDACTED]"
 });
+
+export default session(sessionConfig);