From 5ac98d966c3a77e4a84de5783985f23658d6686c Mon Sep 17 00:00:00 2001
From: Syco21 <davhv12@gmail.com>
Date: Wed, 20 May 2026 19:28:08 +0200
Subject: [PATCH] Fix qBittorrent 5.x session cookie name (SID ->
 QBT_SID_{port})

---
 server/routes/qbittorrent.ts | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/server/routes/qbittorrent.ts b/server/routes/qbittorrent.ts
index 9f95e33..ae5c284 100644
--- a/server/routes/qbittorrent.ts
+++ b/server/routes/qbittorrent.ts
@@ -14,11 +14,8 @@ async function getCookie(): Promise<string> {
   const pass = process.env.QBT_PASSWORD
   if (!host || !user || !pass) throw new Error('QBT_HOST / QBT_USER / QBT_PASSWORD not configured')
 
-  const loginUrl = `${host}/api/v2/auth/login`
-  console.log(`[qbt] POST ${loginUrl} user=${user}`)
-
   const res = await axios.post(
-    loginUrl,
+    `${host}/api/v2/auth/login`,
     new URLSearchParams({ username: user, password: pass }),
     {
       headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Referer': host, 'Origin': host },
@@ -26,9 +23,8 @@ async function getCookie(): Promise<string> {
     }
   )
 
-  console.log(`[qbt] status=${res.status} headers=${JSON.stringify(res.headers)} body=${JSON.stringify(res.data)}`)
-
-  const cookie = (res.headers['set-cookie'] ?? []).find((c: string) => c.startsWith('SID='))
+  // qBittorrent 5.x renamed the cookie from SID to QBT_SID_{port}
+  const cookie = (res.headers['set-cookie'] ?? []).find((c: string) => /^(QBT_)?SID[_=]/.test(c))
   if (!cookie) throw new Error(`qBittorrent login failed (${res.status}): "${String(res.data).trim()}"`)
 
   sid = cookie.split(';')[0]