fix: include Referer header and ensure CSRF token is set in request headers

frontend/src/routes/+page.server.ts

@@ -37,8 +37,9 @@ export const actions: Actions = {
 			method: 'DELETE',
 			headers: {
 				'Content-Type': 'application/json',
-				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`,
+				'X-CSRFToken': csrfToken, // Ensure CSRF token is in header
-				'X-CSRFToken': csrfToken
+				Referer: event.url.origin, // Include Referer header
+				Cookie: `sessionid=${sessionId}; csrftoken=${csrfToken}`
 			},
 			credentials: 'include'
 		});
@@ -59,8 +60,6 @@ export const actions: Actions = {
 			cookieDomain = undefined; // Do not set the domain
 		}
 
-		console.log('Deleting sessionid cookie with domain:', cookieDomain);
-
 		// Delete the session cookie
 		event.cookies.delete('sessionid', {
 			path: '/',