From d55fbcfdc5ec64acb00692ecae67e7d74a0d0305 Mon Sep 17 00:00:00 2001
From: anshul23102
Date: Sat, 23 May 2026 23:10:03 +0530
Subject: [PATCH] fix(auth): add withCredentials and fix CORS to persist session cookies

Login.tsx and Signup.tsx were sending axios POST requests without { withCredentials: true }, so the browser silently discarded the Set-Cookie header on every cross-origin login/signup response. No session cookie was ever stored, making every subsequent request appear unauthenticated.

Changes:
- src/pages/Login/Login.tsx: pass { withCredentials: true } as the third argument to axios.post for /api/auth/login
- src/pages/Signup/Signup.tsx: same fix for /api/auth/signup; also remove the stale "Include cookies for session" comment that noted the intent but was never fulfilled
- backend/server.js: replace cors('*') with a credentials-aware config (origin: FRONTEND_URL, credentials: true); a wildcard origin is rejected by browsers when credentials are present, so a specific origin is required for Set-Cookie to be honoured

Fixes #414
---
 src/pages/Login/Login.tsx   | 6 +++++-
 src/pages/Signup/Signup.tsx | 8 +++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/pages/Login/Login.tsx b/src/pages/Login/Login.tsx
index 92b7073e..1e685e5e 100644
--- a/src/pages/Login/Login.tsx
+++ b/src/pages/Login/Login.tsx
@@ -30,7 +30,11 @@ const Login: React.FC = () => {
 
     setIsLoading(true);
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/login`, formData);
+      const response = await axios.post(
+        `${backendUrl}/api/auth/login`,
+        formData,
+        { withCredentials: true }
+      );
       setMessage(response.data.message);
 
       if (response.data.message === 'Login successful') {
diff --git a/src/pages/Signup/Signup.tsx b/src/pages/Signup/Signup.tsx
index 2ac51dcc..8c592c67 100644
--- a/src/pages/Signup/Signup.tsx
+++ b/src/pages/Signup/Signup.tsx
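Review bot: The added `{ withCredentials: true }` on the login call only results in a stored cookie if the server also answers with `Access-Control-Allow-Credentials: true` and a specific `Access-Control-Allow-Origin`, but the diffstat lists only Login.tsx and Signup.tsx even though the message describes a backend/server.js CORS change, so as shown this patch carries only the client half; the Signup hunk has the same dependency and the server change should be confirmed to land with it. Presumably the session cookie will also need `SameSite=None; Secure` (and `HttpOnly`) set server-side for current browsers to store and resend it cross-site — not visible in this patch. A why-comment on the new option line would help the next reader, e.g. `{ withCredentials: true } // required for the browser to store/send the cross-origin session cookie`. The enclosing submit handler and its catch block lie outside the hunk.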
@@ -83,10 +83,12 @@ const SignUp: React.FC = () => {
     }
     setIsLoading(true);
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/signup`,
-        formData // Include cookies for session
+      const response = await axios.post(
+        `${backendUrl}/api/auth/signup`,
+        formData,
+        { withCredentials: true }
       );
-      setMessage(response.data.message); // Show success message from backend
+      setMessage(response.data.message);
 
       // Navigate to login page after successful signup
       if (response.data.message === 'User created successfully') {
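Review bot: `response.data` on the rebuilt call is `any` because `axios.post` is invoked without a response type parameter, so the `.message` read on the new `setMessage` line and the string comparison that follows are unchecked under strict mode; declaring the payload shape, `const response = await axios.post<{ message: string }>(`, fixes that for this call (the Login hunk has the same gap). The removed `// Include cookies for session` comment at least recorded the intent, and the new option line carries no explanation; consider `{ withCredentials: true } // send/store the cross-origin session cookie`. The enclosing submit handler starts and ends outside the hunk.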