diff --git a/src/app/api/auth/login/route.ts b/src/app/api/auth/login/route.ts
index a1b0387..a929ddb 100644
--- a/src/app/api/auth/login/route.ts
+++ b/src/app/api/auth/login/route.ts
@@ -1,8 +1,11 @@
 import { NextResponse } from "next/server";
-import { authenticateUser, createUserSession, setSessionCookie } from "@/lib/server/auth";
+import { authenticateUser, createUserSession } from "@/lib/server/auth";
 
 export const runtime = "nodejs";
 
+const SESSION_COOKIE_NAME = "gantt_session";
+const SESSION_DAYS_REMEMBER = 30;
+
 export async function POST(request: Request) {
   try {
     const body = (await request.json()) as {
@@ -25,13 +28,31 @@ export async function POST(request: Request) {
     }
 
     const session = await createUserSession(user.id, rememberMe);
-    await setSessionCookie(session.token, rememberMe);
-
-    return NextResponse.json({
+
+    // Set cookie on response for Vercel compatibility
+    const response = NextResponse.json({
       success: true,
       user,
       session: { expiresAt: session.expiresAt, rememberMe },
     });
+
+    const baseCookieOptions = {
+      httpOnly: true,
+      sameSite: "lax" as const,
+      secure: process.env.NODE_ENV === "production",
+      path: "/",
+    };
+
+    if (rememberMe) {
+      response.cookies.set(SESSION_COOKIE_NAME, session.token, {
+        ...baseCookieOptions,
+        maxAge: SESSION_DAYS_REMEMBER * 24 * 60 * 60,
+      });
+    } else {
+      response.cookies.set(SESSION_COOKIE_NAME, session.token, baseCookieOptions);
+    }
+
+    return response;
   } catch {
     return NextResponse.json({ error: "Login failed" }, { status: 500 });
   }
diff --git a/src/app/api/auth/logout/route.ts b/src/app/api/auth/logout/route.ts
index df37d28..4b483b7 100644
--- a/src/app/api/auth/logout/route.ts
+++ b/src/app/api/auth/logout/route.ts
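Review bot: `SESSION_COOKIE_NAME = "gantt_session"` is declared locally here (and again in logout/route.ts) while the cookie is still read by `getSessionTokenFromCookies()` from `@/lib/server/auth`, which presumably carries its own copy of the name; nothing ties the copies together, so renaming one of them silently breaks login or logout without a type error. I would export the name once from the auth module and import it, e.g. `import { SESSION_COOKIE_NAME, authenticateUser, createUserSession } from "@/lib/server/auth";`, with the comment `// must match the name getSessionTokenFromCookies() reads`. `SESSION_DAYS_REMEMBER` likewise duplicates whatever lifetime `createUserSession` applies to a remember-me session; if that module exposes it, import it rather than restating `30`. POST's body continues past the end of this hunk.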
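Review bot: The remember-me cookie lifetime is computed from the local constant `SESSION_DAYS_REMEMBER` while the server-side expiry is decided inside `createUserSession(user.id, rememberMe)` and is even returned to the client as `session.expiresAt`; if the two disagree, the browser either keeps sending a token the server already rejects or drops a still-valid session early. Derive the cookie lifetime from what the session reports: `maxAge: Math.max(0, Math.floor((new Date(session.expiresAt).getTime() - Date.now()) / 1000))`, with the comment `// cookie lifetime follows the server-side session expiry`. The non-remember branch omits `maxAge` on purpose so the cookie is session-scoped, and `secure` is deliberately false outside `NODE_ENV === "production"` so local HTTP works, but both choices deserve a one-line comment since the second means any deployment with a different NODE_ENV sends the session token over plain HTTP. POST begins and ends outside this hunk.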
@@ -1,14 +1,26 @@
 import { NextResponse } from "next/server";
-import { clearSessionCookie, getSessionTokenFromCookies, revokeSession } from "@/lib/server/auth";
+import { getSessionTokenFromCookies, revokeSession } from "@/lib/server/auth";
 
 export const runtime = "nodejs";
 
+const SESSION_COOKIE_NAME = "gantt_session";
+
 export async function POST() {
   try {
     const token = await getSessionTokenFromCookies();
     if (token) await revokeSession(token);
-    await clearSessionCookie();
-    return NextResponse.json({ success: true });
+
+    // Clear cookie on response for Vercel compatibility
+    const response = NextResponse.json({ success: true });
+    response.cookies.set(SESSION_COOKIE_NAME, "", {
+      httpOnly: true,
+      sameSite: "lax",
+      secure: process.env.NODE_ENV === "production",
+      path: "/",
+      maxAge: 0,
+    });
+
+    return response;
   } catch {
     return NextResponse.json({ error: "Logout failed" }, { status: 500 });
   }
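Review bot: If `revokeSession(token)` throws, control lands in the catch block and the 500 response goes back without the cookie-clearing `set`, so the browser keeps presenting a token whose server-side state is now unknown; the cookie should be expired on both paths. Build the expiring options once outside the `try` and apply them in the catch as well (or clear the cookie before attempting the revoke), and add a comment noting that `path`, `secure` and `sameSite` must match the login cookie's attributes or the browser will not treat this as the same cookie — easy to get wrong now that the name is a local copy rather than shared with `getSessionTokenFromCookies()`. POST's closing brace lies outside this hunk.

```typescript
export async function POST() {
  // Attributes must match the login cookie exactly, otherwise the browser keeps the old one.
  const expiredCookie = {
    httpOnly: true,
    sameSite: "lax" as const,
    secure: process.env.NODE_ENV === "production",
    path: "/",
    maxAge: 0,
  };
  try {
    // … unchanged: read token, revokeSession …
    const response = NextResponse.json({ success: true });
    response.cookies.set(SESSION_COOKIE_NAME, "", expiredCookie);
    return response;
  } catch {
    // Expire the cookie even when revocation failed so the client does not keep a token of unknown state.
    const response = NextResponse.json({ error: "Logout failed" }, { status: 500 });
    response.cookies.set(SESSION_COOKIE_NAME, "", expiredCookie);
    return response;
  }
```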