From d03be7365eeadaad7eb3f060f26ed51a63da67eb Mon Sep 17 00:00:00 2001
From: Sanju Sivalingam <spikeysanju98@gmail.com>
Date: Wed, 18 Feb 2026 11:59:59 +0530
Subject: [PATCH] debug: add logging to session middleware for auth
 investigation

---
 server/src/middleware/auth.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/src/middleware/auth.ts b/server/src/middleware/auth.ts
index 06b6142..111a051 100644
--- a/server/src/middleware/auth.ts
+++ b/server/src/middleware/auth.ts
@@ -16,13 +16,15 @@ export async function sessionMiddleware(c: Context, next: Next) {
   // Extract session token from cookie (same approach as dashboard WS auth)
   const rawCookie = getCookie(c, "better-auth.session_token");
   if (!rawCookie) {
+    console.log(`[SessionMiddleware] No session cookie. Headers: ${JSON.stringify(Object.fromEntries(c.req.raw.headers.entries())).slice(0, 200)}`);
     return c.json({ error: "unauthorized" }, 401);
   }
 
   // Token may have a signature appended after a dot — use only the token part
   const token = rawCookie.split(".")[0];
+  console.log(`[SessionMiddleware] cookie prefix: ${rawCookie.slice(0, 20)}... token prefix: ${token.slice(0, 20)}...`);
 
-  // Direct DB lookup (proven to work, unlike auth.api.getSession)
+  // Direct DB lookup
   const rows = await db
     .select({
       sessionId: sessionTable.id,