diff --git a/backend/.env.example b/backend/.env.example
new file mode 100644
index 00000000..64da3224
--- /dev/null
+++ b/backend/.env.example
@@ -0,0 +1,3 @@
+#SESSION_SECRET=your_secret_here
+MONGO_URI=mongodb://localhost:27017/github_tracker
+PORT=5000
\ No newline at end of file
diff --git a/backend/models/User.js b/backend/models/User.js
index eb506ed5..be084301 100644
--- a/backend/models/User.js
+++ b/backend/models/User.js
@@ -31,4 +31,12 @@ UserSchema.methods.comparePassword = async function (enteredPassword) {
   return bcrypt.compare(enteredPassword, this.password);
 };
 
+UserSchema.methods.toSafeObject = function () {
+  return {
+    id: this._id,
+    username: this.username,
+    email: this.email,
+  };
+};
+
 module.exports = mongoose.model("User", UserSchema);
\ No newline at end of file
diff --git a/backend/routes/auth.js b/backend/routes/auth.js
index 7c2cda78..d6162b73 100644
--- a/backend/routes/auth.js
+++ b/backend/routes/auth.js
@@ -32,7 +32,7 @@ router.post("/signup", validateRequest(signupSchema), async (req, res) => {
 
 // Login route
 router.post("/login", validateRequest(loginSchema), passport.authenticate('local'), (req, res) => {
-    res.status(200).json( { message: 'Login successful', user: req.user } );
+    res.status(200).json({ message: 'Login successful', user: req.user.toSafeObject() });
 });
 
 // Logout route
diff --git a/backend/server.js b/backend/server.js
index e9b43f83..c819ec15 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -16,6 +16,15 @@ const app = express();
 // CORS configuration
 app.use(cors('*'));
 
+const REQUIRED_ENV = ['SESSION_SECRET', 'MONGO_URI'];
+
+for (const key of REQUIRED_ENV) {
+  if (!process.env[key]) {
+    console.error(`[startup] Missing required environment variable: ${key}`);
+    process.exit(1);
+  }
+}
+
 // Middleware
 app.use(bodyParser.json());
 app.use(session({