StarPunk/docs/reports/2025-11-18-quickfix-auth-loop.md

# QUICK FIX: Auth Redirect Loop

**Problem**: Dev login redirects back to login page (loop)
**Cause**: Cookie name collision (`session` used by both Flask and StarPunk)
**Fix**: Rename auth cookie to `starpunk_session`
**Time**: 30 minutes

## 6 Changes in 3 Files

### 1. starpunk/routes/dev_auth.py (Line 75)
```python
# Change this:
response.set_cookie("session", session_token, ...)

# To this:
response.set_cookie("starpunk_session", session_token, ...)
```

### 2. starpunk/routes/auth.py (5 changes)

**Line 47:**
```python
session_token = request.cookies.get("starpunk_session")  # was "session"
```

**Line 121:**
```python
response.set_cookie("starpunk_session", session_token, ...)  # was "session"
```

**Line 167:**
```python
session_token = request.cookies.get("starpunk_session")  # was "session"
```

**Line 178:**
```python
response.delete_cookie("starpunk_session")  # was "session"
```

### 3. starpunk/auth.py (Line 390)
```python
session_token = request.cookies.get("starpunk_session")  # was "session"
```

## Test It

```bash
# Run tests
uv run pytest tests/ -v

# Start server
uv run flask run

# Browser test:
# 1. Go to http://localhost:5000/admin/
# 2. Click dev login
# 3. Should see dashboard (not login page)
# 4. Check cookies in DevTools - should see "starpunk_session"
```

## Full Docs

- Executive Summary: `/docs/design/auth-redirect-loop-executive-summary.md`
- Implementation Guide: `/docs/design/auth-redirect-loop-fix-implementation.md`
- Visual Diagrams: `/docs/design/auth-redirect-loop-diagram.md`
- Root Cause Analysis: `/docs/design/auth-redirect-loop-diagnosis.md`