e71c330bdd
Login was returning 200 + correct user JSON + writing a row to the sessions table, but emitting zero Set-Cookie headers. Root cause: session.regenerate() → set fields → session.save() → res.json() Calling session.save() manually writes the store but bypasses express-session's res.end() hook, which is the only path that adds the Set-Cookie header to the response. The cookie was never sent to the browser even though the session existed server-side — hence the redirect loop. Fix: remove the manual save(). Set the session fields and call res.json() directly inside regenerate()'s callback; express-session handles store write + Set-Cookie automatically on res.end(). |
||
|---|---|---|
| .. | ||
| src | ||
| .env.example | ||
| .gitignore | ||
| Dockerfile | ||
| package.json | ||