diff --git a/.env b/.env
index 702ecbc..dfc0990 100644
--- a/.env
+++ b/.env
@@ -2,7 +2,7 @@ CORS_ALLOWED_ORIGINS=https://dev1.aptivaai.com,http://34.16.120.118:3000,http://
 SERVER1_PORT=5000
 SERVER2_PORT=5001
 SERVER3_PORT=5002
-IMG_TAG=fb2e052-202508131933
+IMG_TAG=d71b026-202508141402
 
 ENV_NAME=dev
 PROJECT=aptivaai-dev
\ No newline at end of file
diff --git a/backend/server2.js b/backend/server2.js
index c829a41..e08d0de 100755
--- a/backend/server2.js
+++ b/backend/server2.js
@@ -21,7 +21,7 @@ import rateLimit from 'express-rate-limit';
 import authenticateUser from './utils/authenticateUser.js';
 import { vectorSearch } from "./utils/vectorSearch.js";
 import { initEncryption, verifyCanary, SENTINEL } from './shared/crypto/encryption.js';
-import { requireAuth } from '../shared/auth/requireAuth.js';
+import { requireAuth } from './shared/requireAuth.js';
 import sgMail from '@sendgrid/mail';         // npm i @sendgrid/mail
 import crypto from 'crypto';
 import cookieParser from 'cookie-parser';
@@ -1244,6 +1244,8 @@ ${message}`;
   } catch (err) {
     console.error('[support] error:', err?.message || err);
     return res.status(500).json({ error: 'Failed to send support message' });
+  }
+});
 
 /**************************************************
  * Start the Express server
diff --git a/backend/shared/requireAuth.js b/backend/shared/requireAuth.js
index 3772b92..55c3573 100644
--- a/backend/shared/requireAuth.js
+++ b/backend/shared/requireAuth.js
@@ -15,9 +15,9 @@ function extractBearer(authz) {
 
 export async function requireAuth(req, res, next) {
   try {
-    const cookieToken  = req.cookies?.[ACCESS_COOKIE_NAME];
-    const bearerToken  = extractBearer(req.headers.authorization);
-    const token = cookieToken || bearerToken;  // cookie always wins
+    const cookieToken = req.cookies?.[ACCESS_COOKIE_NAME];
+    const bearerToken = extractBearer(req.headers.authorization);
+    const token = cookieToken || bearerToken; // cookie always wins
 
     if (!token) return res.status(401).json({ error: 'Auth required' });
 
@@ -42,14 +42,14 @@ export async function requireAuth(req, res, next) {
     }
 
     req.user = (payload && typeof payload === 'object')
-  ? { ...payload, id: userId }
-  : { id: userId };
+      ? { ...payload, id: userId }
+      : { id: userId };
 
-req.userId = userId;
-next();
-    next();
+    req.userId = userId;
+    return next(); // ✅ only once
   } catch (e) {
     console.error('[requireAuth]', e?.message || e);
-    res.status(500).json({ error: 'Server error' });
+    return res.status(500).json({ error: 'Server error' });
   }
 }
+
diff --git a/src/components/CareerExplorer.js b/src/components/CareerExplorer.js
index 45ab519..6bb90eb 100644
--- a/src/components/CareerExplorer.js
+++ b/src/components/CareerExplorer.js
@@ -10,6 +10,7 @@ import CareerSearch from './CareerSearch.js';
 import { Button } from './ui/button.js';
 import axios from 'axios';
 import isAllOther from '../utils/isAllOther.js';
+import cookies from 'js-cookie';
 
 const STATES = [
   { name: 'Alabama', code: 'AL' }, { name: 'Alaska', code: 'AK' }, { name: 'Arizona', code: 'AZ' },