diff --git a/server/api/auth/direct-login.post.ts b/server/api/auth/direct-login.post.ts
index 51d76a6..0a8ea00 100644
--- a/server/api/auth/direct-login.post.ts
+++ b/server/api/auth/direct-login.post.ts
@@ -234,16 +234,35 @@ export default defineEventHandler(async (event) => {
 // Create session with appropriate expiration
 const sessionManager = createSessionManager();
- const sessionCookie = sessionManager.createSession(sessionData, !!rememberMe);
+ const cookieDomain = process.env.COOKIE_DOMAIN || undefined;
+ const maxAge = !!rememberMe ? 60 * 60 * 24 * 30 : 60 * 60 * 24 * 7; // 30 days vs 7 days
 
- // Set session cookie
- setHeader(event, 'Set-Cookie', sessionCookie);
+ console.log(`🍪 Setting session cookie (Remember Me: ${!!rememberMe}) with domain:`, cookieDomain);
+
+ // Create the session cookie string using the session manager
+ const sessionCookieString = sessionManager.createSession(sessionData, !!rememberMe);
+
+ // Parse the cookie string to get just the value
+ const cookieValue = sessionCookieString.split('=')[1].split(';')[0];
+
+ // Use Nuxt's setCookie helper with the encrypted value
+ setCookie(event, 'monacousa-session', cookieValue, {
+ httpOnly: true,
+ secure: process.env.NODE_ENV === 'production',
+ sameSite: 'lax',
+ domain: cookieDomain,
+ maxAge,
+ path: '/',
+ });
 
 // Clear failed attempts on successful login
 clearFailedAttempts(clientIP);
 
 console.log('✅ Login successful for user:', userInfo.email);
 
+ // Ensure we return a proper response with status
+ setResponseStatus(event, 200);
+
 return {
 success: true,
 user: sessionData.user,