Debug session persistence issue

- Add session store configuration with same_site: lax
- Add debug logging to callback and birthday actions
- Add session expiry handling in birthday action
- Skip global auth filter for UsersController to avoid conflicts

Author: zachlatta

app/controllers/sessions_controller.rb

@@ -13,6 +13,7 @@ def callback
 
     # Store user ID in session
     session[:user_id] = user.id
+    Rails.logger.info "Set session[:user_id] = #{user.id} for user #{user.username}"
 
     # Redirect to birthday form if not provided, otherwise to dashboard
     if user.birthday_provided?

app/controllers/users_controller.rb

@@ -1,7 +1,16 @@
 class UsersController < ApplicationController
+  skip_before_action :require_login_for_authenticated_routes
   before_action :require_login
 
   def birthday
+    Rails.logger.info "Birthday action: session[:user_id] = #{session[:user_id]}, logged_in? = #{logged_in?}"
+    
+    # Handle case where user just completed OAuth but session isn't persisting
+    unless logged_in?
+      redirect_to root_path, alert: "Session expired. Please log in again."
+      return
+    end
+    
     redirect_to user_dashboard_path if current_user.birthday_provided?
   end
 

config/initializers/session_store.rb

@@ -0,0 +1,6 @@
+# Configure session store for production
+Rails.application.config.session_store :cookie_store,
+  key: '_pyramid_scheme_session',
+  same_site: :lax,
+  secure: Rails.env.production?, # Only use secure cookies in production if HTTPS
+  httponly: true