fix: resolve login redirect failures by removing cookie domain and implementing session data encryption

2025-08-07 13:01:39 +02:00
parent 2c545dcaaa
commit cbaedeb0a8
3 changed files with 13 additions and 17 deletions


@@ -10,7 +10,7 @@ export class SessionManager {
this.encryptionKey = Buffer.from(encryptionKey, 'hex');
}
private encrypt(data: string): string {
encrypt(data: string): string {
const iv = randomBytes(16);
const cipher = createCipheriv('aes-256-cbc', this.encryptionKey, iv);
let encrypted = cipher.update(data, 'utf8', 'hex');
@@ -31,16 +31,14 @@ export class SessionManager {
const data = JSON.stringify(sessionData);
const encrypted = this.encrypt(data);
const cookieDomain = process.env.COOKIE_DOMAIN || undefined;
const maxAge = rememberMe ? 60 * 60 * 24 * 30 : 60 * 60 * 24 * 7; // 30 days vs 7 days
console.log(`🍪 Creating session cookie (Remember Me: ${rememberMe}) with domain:`, cookieDomain);
console.log(`🍪 Creating session cookie (Remember Me: ${rememberMe}) without explicit domain`);
return serialize(this.cookieName, encrypted, {
httpOnly: true,
secure: process.env.NODE_ENV === 'production',
sameSite: 'lax',
domain: cookieDomain,
maxAge,
path: '/',
});
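Review bot: Dropping `private` from `encrypt` in the first hunk puts an unauthenticated AES-256-CBC primitive on SessionManager's public surface; nothing visible here adds a MAC, so a modified cookie ciphertext would not be detected before it is decrypted and parsed. If the rest of `encrypt` (its body continues past the hunk) does not already append an HMAC, consider an AEAD mode instead, e.g. `const iv = randomBytes(12);` with `createCipheriv('aes-256-gcm', this.encryptionKey, iv)`, storing `cipher.getAuthTag()` next to the IV and ciphertext and calling `setAuthTag` in the matching decrypt before `final()`. Cookies issued in the old format would then fail to decrypt, so the change needs a format version or a forced re-login. In the second hunk `COOKIE_DOMAIN` is now silently ignored; a comment such as `// host-only cookie: Domain is deliberately omitted, COOKIE_DOMAIN is no longer read` would help operators who still set it.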