diff --git a/server/routes/qbittorrent.ts b/server/routes/qbittorrent.ts
index 7219f3c..ed761d3 100644
--- a/server/routes/qbittorrent.ts
+++ b/server/routes/qbittorrent.ts
@@ -14,14 +14,23 @@ async function getCookie(): Promise<string> {
   const pass = process.env.QBT_PASSWORD
   if (!host || !user || !pass) throw new Error('QBT_HOST / QBT_USER / QBT_PASSWORD not configured')
 
+  const loginUrl = `${host}/api/v2/auth/login`
+  console.log(`[qbt] POST ${loginUrl} user=${user}`)
+
   const res = await axios.post(
-    `${host}/api/v2/auth/login`,
+    loginUrl,
     new URLSearchParams({ username: user, password: pass }),
-    { headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Referer': host, 'Origin': host } }
+    {
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Referer': host, 'Origin': host },
+      maxRedirects: 0,
+      validateStatus: s => s < 400,
+    }
   )
 
+  console.log(`[qbt] login status=${res.status} body=${JSON.stringify(res.data)} cookies=${JSON.stringify(res.headers['set-cookie'])}`)
+
   const cookie = (res.headers['set-cookie'] ?? []).find((c: string) => c.startsWith('SID='))
-  if (!cookie) throw new Error(`qBittorrent login failed: ${String(res.data).trim()}`)
+  if (!cookie) throw new Error(`qBittorrent login failed (${res.status}): "${String(res.data).trim()}"`)
 
   sid = cookie.split(';')[0]
   sidExpiry = Date.now() + 55 * 60 * 1000