Fix session cookie propagation; desktop creates session via POST before opening portal

src/app/api/machines/sessions/route.ts

@@ -43,9 +43,26 @@ export async function POST(request: Request) {
       { status: 200 }
     )
 
-    session.headers.forEach((value, key) => {
-      response.headers.set(key, value)
-    })
+    // Propaga cookies de sessão do Better Auth com segurança.
+    // Em alguns ambientes, múltiplos Set-Cookie são colapsados; tentamos cobrir ambos.
+    const headersAny = session.headers as unknown as { getSetCookie?: () => string[] }
+    const setCookies: string[] = []
+    try {
+      if (typeof headersAny?.getSetCookie === "function") {
+        setCookies.push(...(headersAny.getSetCookie() ?? []))
+      } else {
+        const single = session.headers.get("set-cookie")
+        if (single) setCookies.push(single)
+      }
+    } catch {
+      const single = session.headers.get("set-cookie")
+      if (single) setCookies.push(single)
+    }
+
+    for (const cookie of setCookies) {
+      // Usa append para não sobrescrever múltiplos cookies (authsession e assinatura, por exemplo)
+      response.headers.append("set-cookie", cookie)
+    }
 
     const machineCookiePayload = {
       machineId: session.machine.id,