Update session.ts

Author: mjaydenkim

server/src/auth/session.ts

@@ -25,7 +25,10 @@ export const sessionMiddleware = session({
   cookie: {
     httpOnly: true,
     secure: process.env.NODE_ENV === 'production', // HTTPS only in production
-    sameSite: 'lax',
+    // In production the frontend (Netlify) and backend (Vercel) are on different sites,
+    // so we must allow the session cookie to be sent on cross-site XHR/fetch requests.
+    // SameSite=Lax works for localhost (same-site) but *blocks* these requests in prod.
+    sameSite: process.env.NODE_ENV === 'production' ? 'none' : 'lax',
     maxAge: sessionTTL,
   },
 });