Refactor login cookie handling to improve parsing and error handling; ensure multiple Set-Cookie headers are processed correctly.

frontend/src/routes/login/+page.server.ts

@@ -110,63 +110,71 @@ export const actions: Actions = {
 };
 
 function handleSuccessfulLogin(event: RequestEvent<RouteParams, '/login'>, response: Response) {
-	const setCookieHeader = response.headers.get('Set-Cookie');
+	// Get all Set-Cookie headers
-	console.log('[LOGIN] Set-Cookie header from backend:', setCookieHeader);
+	let setCookieHeaders: string[] = [];
 
-	if (setCookieHeader) {
+	if ('getSetCookie' in response.headers && typeof response.headers.getSetCookie === 'function') {
-		const sessionIdRegex = /sessionid=([^;]+).*?expires=([^;]+)/;
+		setCookieHeaders = response.headers.getSetCookie();
-		const match = setCookieHeader.match(sessionIdRegex);
+	} else {
-		if (match) {
+		const raw = response.headers.get('Set-Cookie');
-			const [, sessionId, expiryString] = match;
+		if (raw) {
+			// Safely split on commas only if a new cookie starts (e.g., key=value)
+			setCookieHeaders = raw.split(/,\s*(?=\w+=)/);
+		}
+	}
 
-			console.log('[LOGIN] Parsed session ID:', sessionId);
+	console.log('[LOGIN] All Set-Cookie headers:', setCookieHeaders);
-			console.log('[LOGIN] Parsed expiry string:', expiryString);
 
-			// Get the proper cookie domain using psl
+	const sessionCookie = setCookieHeaders.find((cookie) => cookie.startsWith('sessionid=')) || '';
+	console.log('[LOGIN] Session cookie:', sessionCookie);
+
+	if (!sessionCookie) {
+		console.warn('[LOGIN] No sessionid cookie found.');
+		return;
+	}
+
+	const sessionIdMatch = sessionCookie.match(/sessionid=([^;]+)/);
+	const expiresMatch = sessionCookie.match(/expires=([^;]+)/i);
+
+	if (!sessionIdMatch) {
+		console.warn('[LOGIN] Could not extract session ID from cookie.');
+		return;
+	}
+
+	const sessionId = sessionIdMatch[1];
+	const expires = expiresMatch ? new Date(expiresMatch[1]) : undefined;
+
+	console.log('[LOGIN] Extracted session ID:', sessionId);
+	if (expires) console.log('[LOGIN] Extracted expires:', expires);
+
+	// Determine cookie domain
 	const hostname = event.url.hostname;
-			let cookieDomain;
-
-			// Check if hostname is an IP address
 	const isIPAddress = /^\d{1,3}(\.\d{1,3}){3}$/.test(hostname);
 	const isLocalhost = hostname === 'localhost';
 	const isSingleLabel = hostname.split('.').length === 1;
 
-			console.log('[LOGIN] Hostname info:', {
+	let cookieDomain: string | undefined;
-				hostname,
+	if (!isIPAddress && !isLocalhost && !isSingleLabel) {
-				isIPAddress,
-				isLocalhost,
-				isSingleLabel
-			});
-
-			if (!isIPAddress && !isSingleLabel && !isLocalhost) {
 		const parsed = psl.parse(hostname);
 		if (parsed && parsed.domain) {
 			cookieDomain = `.${parsed.domain}`;
-					console.log('[LOGIN] Using parsed cookie domain:', cookieDomain);
 		}
-			} else {
-				console.log('[LOGIN] No domain will be set for cookie.');
 	}
+	console.log('[LOGIN] Setting cookie domain:', cookieDomain);
 
-			try {
+	const cookieOptions = {
-				event.cookies.set('sessionid', sessionId, {
 		path: '/',
 		httpOnly: true,
-					sameSite: 'lax',
+		sameSite: 'lax' as const,
 		secure: event.url.protocol === 'https:',
-					expires: new Date(expiryString),
+		...(expires && { expires }),
-					...(cookieDomain && { domain: cookieDomain }) // only include if defined
+		...(cookieDomain && { domain: cookieDomain })
-				});
+	};
+
+	console.log('[LOGIN] Cookie options:', cookieOptions);
+
+	event.cookies.set('sessionid', sessionId, cookieOptions);
 	console.log('[LOGIN] Cookie set successfully.');
-			} catch (e) {
-				console.error('[LOGIN] Failed to set cookie:', e);
-			}
-		} else {
-			console.warn('[LOGIN] Failed to parse session ID and expiry from Set-Cookie header.');
-		}
-	} else {
-		console.warn('[LOGIN] No Set-Cookie header received from backend.');
-	}
 }
 
 function extractSessionId(setCookieHeader: string | null) {