Update cookie

backend/app/api/routes_auth.py

@@ -30,9 +30,14 @@ from app.services.auth_login_throttle import (
 )
 
 try:
-    from fastapi import Response
+    from fastapi import Cookie, Response
 except (ImportError, AttributeError):
     from fastapi.responses import Response
+
+    def Cookie(_default=None, **_kwargs):  # type: ignore[no-untyped-def]
+        """Compatibility fallback for environments that stub fastapi without request params."""
+
+        return None
 from app.services.authentication import authenticate_user, issue_user_session, revoke_auth_session
 
 router = APIRouter(prefix="/auth", tags=["auth"])
@@ -255,9 +260,13 @@ def login(
 
 
 @router.get("/me", response_model=AuthSessionResponse)
-def me(context: AuthContext = Depends(require_user_or_admin)) -> AuthSessionResponse:
+def me(
+    context: AuthContext = Depends(require_user_or_admin),
+    csrf_cookie: str | None = Cookie(None, alias=CSRF_COOKIE_NAME),
+) -> AuthSessionResponse:
     """Returns current authenticated session identity and expiration metadata."""
 
+    normalized_csrf_cookie = (csrf_cookie or "").strip() or None
     return AuthSessionResponse(
         expires_at=context.expires_at,
         user=AuthUserResponse(
@@ -265,6 +274,7 @@ def me(context: AuthContext = Depends(require_user_or_admin)) -> AuthSessionResp
             username=context.username,
             role=context.role,
         ),
+        csrf_token=normalized_csrf_cookie,
     )