From cc68a5e9cc1e1eed58b0c5531446194ba501c3a0 Mon Sep 17 00:00:00 2001
From: Chamika J <75464293+chamikaJ@users.noreply.github.com>
Date: Wed, 6 Aug 2025 11:06:36 +0530
Subject: [PATCH] feat(auth): improve session cookie handling and logging in
 middleware

- Enhanced session middleware to create or replace session cookies based on header values, ensuring proper session management for mobile applications.
- Added detailed logging for cookie headers and session ID usage to facilitate debugging and traceability.
- Updated logic to maintain existing cookies while injecting the session cookie, improving compatibility with other cookies.
---
 .../src/middlewares/session-middleware.ts     | 23 ++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/worklenz-backend/src/middlewares/session-middleware.ts b/worklenz-backend/src/middlewares/session-middleware.ts
index 2c469356..af666a2e 100644
--- a/worklenz-backend/src/middlewares/session-middleware.ts
+++ b/worklenz-backend/src/middlewares/session-middleware.ts
@@ -44,10 +44,27 @@ export default (req: any, res: any, next: any) => {
   const headerSessionId = req.headers['x-session-id'];
   const headerSessionName = req.headers['x-session-name'];
   
-  if (headerSessionId && headerSessionName && !req.headers.cookie) {
+  console.log("Session middleware debug:");
+  console.log("- Cookie header:", req.headers.cookie);
+  console.log("- X-Session-ID header:", headerSessionId);
+  console.log("- X-Session-Name header:", headerSessionName);
+  
+  if (headerSessionId && headerSessionName) {
     console.log("Mobile app using header-based session:", headerSessionId);
-    // Inject the session cookie from header for session middleware to process
-    req.headers.cookie = `${headerSessionName}=s%3A${headerSessionId}`;
+    // Create or override the cookie header with the session from header
+    const sessionCookie = `${headerSessionName}=s%3A${headerSessionId}`;
+    if (req.headers.cookie) {
+      // Replace existing session cookie while keeping other cookies
+      req.headers.cookie = req.headers.cookie
+        .split(';')
+        .filter((cookie: string) => !cookie.trim().startsWith(headerSessionName))
+        .concat(sessionCookie)
+        .join(';');
+    } else {
+      // Set the session cookie from header
+      req.headers.cookie = sessionCookie;
+    }
+    console.log("Updated cookie header:", req.headers.cookie);
   }
   
   sessionMiddleware(req, res, next);