diff --git a/server/src/session.ts b/server/src/session.ts
index c0a1d2a..eee2395 100644
--- a/server/src/session.ts
+++ b/server/src/session.ts
@@ -53,6 +53,8 @@ export default new Elysia({
       }
     }
 
+    console.log("CSRF check passed")
+
     // use headers instead of Cookie API to prevent type coercion
     const cookieHeader = context.request.headers.get("Cookie") ?? "";
     const sessionId = lucia.readSessionCookie(cookieHeader);
@@ -62,6 +64,7 @@ export default new Elysia({
         session: null,
       };
     }
+    console.log("Cookie exists")
 
     const { session, user } = await lucia.validateSession(sessionId);
     if (session && session.fresh) {