fix(auth): add withCredentials and fix CORS to persist session cookies

Login.tsx and Signup.tsx were sending axios POST requests without
{ withCredentials: true }, so the browser silently discarded the
Set-Cookie header on every cross-origin login/signup response. No
session cookie was ever stored, making every subsequent request
appear unauthenticated.

Changes:
- src/pages/Login/Login.tsx: pass { withCredentials: true } as the
  third argument to axios.post for /api/auth/login
- src/pages/Signup/Signup.tsx: same fix for /api/auth/signup; also
  remove the stale "Include cookies for session" comment that noted
  the intent but was never fulfilled
- backend/server.js: replace cors('*') with a credentials-aware
  config (origin: FRONTEND_URL, credentials: true); a wildcard origin
  is rejected by browsers when credentials are present, so a specific
  origin is required for Set-Cookie to be honoured

Fixes #414

Author: anshul23102

src/pages/Login/Login.tsx

@@ -30,7 +30,11 @@ const Login: React.FC = () => {
     setIsLoading(true);
 
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/login`, formData);
+      const response = await axios.post(
+        `${backendUrl}/api/auth/login`,
+        formData,
+        { withCredentials: true }
+      );
       setMessage(response.data.message);
 
       if (response.data.message === 'Login successful') {

src/pages/Signup/Signup.tsx

@@ -83,10 +83,12 @@ const SignUp: React.FC = () => {
     }
     setIsLoading(true);
     try {
-      const response = await axios.post(`${backendUrl}/api/auth/signup`,
-        formData // Include cookies for session
+      const response = await axios.post(
+        `${backendUrl}/api/auth/signup`,
+        formData,
+        { withCredentials: true }
       );
-      setMessage(response.data.message); // Show success message from backend
+      setMessage(response.data.message);
 
       // Navigate to login page after successful signup
       if (response.data.message === 'User created successfully') {