diff --git a/src/components/AuthLoader.astro b/src/components/AuthLoader.astro
new file mode 100644
index 0000000..cd58650
--- /dev/null
+++ b/src/components/AuthLoader.astro
@@ -0,0 +1,278 @@
+---
+/**
+ * AuthLoader Component
+ * 
+ * Provides a loading state for authentication-protected pages to prevent
+ * flashing of content before auth verification completes.
+ * 
+ * Usage:
+ * - Wraps the content of pages that require authentication
+ * - Shows a loading spinner while auth is being verified server-side
+ * - Prevents flash of unauthenticated content
+ */
+
+export interface Props {
+  /** Custom loading message */
+  message?: string;
+  /** Show minimal loader without background */
+  minimal?: boolean;
+}
+
+const { 
+  message = "Verifying authentication...",
+  minimal = false 
+} = Astro.props;
+---
+
+<div class="auth-loader-wrapper" data-minimal={minimal}>
+  {minimal ? (
+    <!-- Minimal loader for components -->
+    <div class="auth-loader-minimal">
+      <div class="auth-loader-spinner-small"></div>
+      <span class="auth-loader-text-small">{message}</span>
+    </div>
+  ) : (
+    <!-- Full page loader -->
+    <div class="auth-loader-fullscreen">
+      <div class="auth-loader-content">
+        <div class="auth-loader-card">
+          <div class="auth-loader-spinner"></div>
+          <h3 class="auth-loader-title">Authenticating</h3>
+          <p class="auth-loader-message">{message}</p>
+        </div>
+      </div>
+    </div>
+  )}
+  
+  <!-- Content slot (hidden initially, shown after auth verification) -->
+  <div class="auth-content" style="display: none;">
+    <slot />
+  </div>
+</div>
+
+<style>
+  .auth-loader-wrapper {
+    position: relative;
+    min-height: 100vh;
+  }
+  
+  .auth-loader-wrapper[data-minimal="true"] {
+    min-height: auto;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    padding: 2rem;
+  }
+  
+  /* Full screen loader */
+  .auth-loader-fullscreen {
+    position: fixed;
+    inset: 0;
+    z-index: 9999;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    background: var(--bg-gradient, linear-gradient(135deg, #0f172a 0%, #1e293b 100%));
+    backdrop-filter: blur(10px);
+  }
+  
+  .auth-loader-content {
+    text-align: center;
+    max-width: 400px;
+    padding: 2rem;
+  }
+  
+  .auth-loader-card {
+    background: rgba(30, 41, 59, 0.8);
+    backdrop-filter: blur(20px);
+    border: 1px solid rgba(255, 255, 255, 0.1);
+    border-radius: 1.5rem;
+    padding: 3rem 2rem;
+    box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.5);
+  }
+  
+  /* Minimal loader */
+  .auth-loader-minimal {
+    display: flex;
+    align-items: center;
+    gap: 0.75rem;
+    padding: 1rem;
+    background: rgba(30, 41, 59, 0.6);
+    backdrop-filter: blur(10px);
+    border: 1px solid rgba(255, 255, 255, 0.1);
+    border-radius: 0.75rem;
+  }
+  
+  /* Spinners */
+  .auth-loader-spinner {
+    width: 3rem;
+    height: 3rem;
+    margin: 0 auto 1.5rem;
+    border: 3px solid rgba(96, 165, 250, 0.2);
+    border-top: 3px solid rgb(96, 165, 250);
+    border-radius: 50%;
+    animation: spin 1s linear infinite;
+  }
+  
+  .auth-loader-spinner-small {
+    width: 1.5rem;
+    height: 1.5rem;
+    border: 2px solid rgba(96, 165, 250, 0.2);
+    border-top: 2px solid rgb(96, 165, 250);
+    border-radius: 50%;
+    animation: spin 1s linear infinite;
+    flex-shrink: 0;
+  }
+  
+  @keyframes spin {
+    0% { transform: rotate(0deg); }
+    100% { transform: rotate(360deg); }
+  }
+  
+  /* Typography */
+  .auth-loader-title {
+    color: var(--glass-text-primary, #ffffff);
+    font-size: 1.5rem;
+    font-weight: 600;
+    margin: 0 0 0.5rem;
+    letter-spacing: -0.025em;
+  }
+  
+  .auth-loader-message {
+    color: var(--glass-text-secondary, rgba(255, 255, 255, 0.8));
+    font-size: 1rem;
+    margin: 0;
+    font-weight: 400;
+  }
+  
+  .auth-loader-text-small {
+    color: var(--glass-text-secondary, rgba(255, 255, 255, 0.8));
+    font-size: 0.875rem;
+    font-weight: 500;
+  }
+  
+  /* Responsive design */
+  @media (max-width: 640px) {
+    .auth-loader-card {
+      margin: 1rem;
+      padding: 2rem 1.5rem;
+    }
+    
+    .auth-loader-title {
+      font-size: 1.25rem;
+    }
+    
+    .auth-loader-message {
+      font-size: 0.875rem;
+    }
+  }
+  
+  /* Theme overrides for light mode */
+  [data-theme="light"] .auth-loader-fullscreen {
+    background: linear-gradient(135deg, #f8fafc 0%, #e2e8f0 100%);
+  }
+  
+  [data-theme="light"] .auth-loader-card {
+    background: rgba(255, 255, 255, 0.9);
+    border: 1px solid rgba(0, 0, 0, 0.1);
+    box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.15);
+  }
+  
+  [data-theme="light"] .auth-loader-minimal {
+    background: rgba(255, 255, 255, 0.9);
+    border: 1px solid rgba(0, 0, 0, 0.1);
+  }
+  
+  [data-theme="light"] .auth-loader-title {
+    color: #1e293b;
+  }
+  
+  [data-theme="light"] .auth-loader-message,
+  [data-theme="light"] .auth-loader-text-small {
+    color: #64748b;
+  }
+</style>
+
+<script>
+  /**
+   * AuthLoader behavior
+   * 
+   * On pages where server-side auth has already been verified,
+   * immediately show the content and hide the loader.
+   * 
+   * This script runs after the component mounts to ensure
+   * a smooth transition from loading to content.
+   */
+  
+  class AuthLoader {
+    private wrapper: HTMLElement | null = null;
+    private loader: HTMLElement | null = null;
+    private content: HTMLElement | null = null;
+    
+    constructor() {
+      this.init();
+    }
+    
+    private init() {
+      this.wrapper = document.querySelector('.auth-loader-wrapper');
+      this.loader = document.querySelector('.auth-loader-fullscreen, .auth-loader-minimal');
+      this.content = document.querySelector('.auth-content');
+      
+      if (!this.wrapper || !this.content) {
+        console.warn('[AuthLoader] Required elements not found');
+        return;
+      }
+      
+      // For pages where auth was verified server-side, show content immediately
+      this.showContent();
+    }
+    
+    private showContent() {
+      if (this.content && this.loader) {
+        // Show content
+        this.content.style.display = 'block';
+        
+        // Hide loader with smooth transition
+        this.loader.style.opacity = '0';
+        this.loader.style.transition = 'opacity 0.3s ease-out';
+        
+        setTimeout(() => {
+          if (this.loader) {
+            this.loader.style.display = 'none';
+          }
+        }, 300);
+      }
+    }
+    
+    // Public method to show loading state (for dynamic auth checks)
+    public showLoading(message?: string) {
+      if (this.loader && this.content) {
+        this.content.style.display = 'none';
+        this.loader.style.display = 'flex';
+        this.loader.style.opacity = '1';
+        
+        if (message) {
+          const messageEl = this.loader.querySelector('.auth-loader-message, .auth-loader-text-small');
+          if (messageEl) {
+            messageEl.textContent = message;
+          }
+        }
+      }
+    }
+    
+    // Public method to hide loading and show content
+    public showContent() {
+      this.showContent();
+    }
+  }
+  
+  // Initialize on DOM ready
+  if (document.readyState === 'loading') {
+    document.addEventListener('DOMContentLoaded', () => new AuthLoader());
+  } else {
+    new AuthLoader();
+  }
+  
+  // Expose globally for dynamic usage
+  (window as any).AuthLoader = AuthLoader;
+</script>
\ No newline at end of file
diff --git a/src/lib/supabase-ssr.ts b/src/lib/supabase-ssr.ts
index 00d7951..f6d27c4 100644
--- a/src/lib/supabase-ssr.ts
+++ b/src/lib/supabase-ssr.ts
@@ -6,13 +6,19 @@ export function createSupabaseServerClient(
   cookies: AstroCookies,
   cookieOptions?: CookieOptions
 ) {
-  // Default cookie options for Docker/localhost environment
+  // Environment-aware cookie configuration
+  const isProduction = import.meta.env.PROD || process.env.NODE_ENV === 'production';
+  
+  // For Docker/localhost, always use non-secure cookies
+  // In production, this will be overridden to use secure cookies
+  const useSecureCookies = isProduction;
+  
   const defaultCookieOptions: CookieOptions = {
-    secure: false,              // localhost is non-HTTPS in Docker
-    sameSite: 'lax',            // allow cross-site cookie on navigation  
-    path: '/',                  // root-wide access
-    httpOnly: true,             // JS-inaccessible for security
-    maxAge: 60 * 60 * 24 * 7,   // 7 days
+    secure: useSecureCookies,       // secure in production, non-secure for localhost
+    sameSite: 'lax',               // allow cross-site cookie on navigation  
+    path: '/',                     // root-wide access
+    httpOnly: true,                // JS-inaccessible for security
+    maxAge: 60 * 60 * 24 * 7,      // 7 days
   };
 
   return createServerClient<Database>(
diff --git a/src/pages/dashboard.astro b/src/pages/dashboard.astro
index 9f2d7e1..8c37aab 100644
--- a/src/pages/dashboard.astro
+++ b/src/pages/dashboard.astro
@@ -1,6 +1,7 @@
 ---
 import Layout from '../layouts/Layout.astro';
 import Navigation from '../components/Navigation.astro';
+import AuthLoader from '../components/AuthLoader.astro';
 import { verifyAuth } from '../lib/auth';
 
 // Enable server-side rendering for auth checks
@@ -14,6 +15,7 @@ if (!auth) {
 ---
 
 <Layout title="Dashboard - Black Canyon Tickets">
+  <AuthLoader message="Loading your dashboard...">
   <style>
     @keyframes fadeInUp {
       0% {
@@ -829,4 +831,6 @@ if (!auth) {
   
   // Load events directly (auth already verified server-side)
   loadEvents();
-</script>
\ No newline at end of file
+</script>
+
+  </AuthLoader>
\ No newline at end of file
diff --git a/src/pages/login.astro b/src/pages/login.astro
index 73011ec..18b0c50 100644
--- a/src/pages/login.astro
+++ b/src/pages/login.astro
@@ -293,11 +293,7 @@ const csrfToken = generateCSRFToken();
   const errorMessage = document.getElementById('error-message') as HTMLDivElement;
 
   // Debug logging
-  console.log('[LOGIN] Page loaded, checking auth state...');
-
-  // Authentication state
-  let authCheckInProgress = false;
-  let redirectInProgress = false;
+  console.log('[LOGIN] Page loaded, login form ready');
 
   let isSignUpMode = false;
 
@@ -387,103 +383,12 @@ const csrfToken = generateCSRFToken();
     mainContent.style.display = 'flex';
   }
 
-  // Safe redirect function with debouncing
-  function safeRedirect(path: string, delay = 500) {
-    if (redirectInProgress) {
-      console.log('[LOGIN] Redirect already in progress, ignoring');
-      return;
-    }
-    
-    redirectInProgress = true;
-    console.log(`[LOGIN] Redirecting to ${path} in ${delay}ms...`);
-    
-    setTimeout(() => {
-      window.location.pathname = path;
-    }, delay);
-  }
 
-  // Enhanced auth check with better error handling
-  async function checkAuthState() {
-    if (authCheckInProgress) {
-      console.log('[LOGIN] Auth check already in progress');
-      return;
-    }
+  // Note: Auth checking has been moved to server-side only
+  // The login page now focuses solely on the login/signup flow
 
-    authCheckInProgress = true;
-    console.log('[LOGIN] Starting auth check...');
-
-    try {
-      // Get current session with timeout
-      const authPromise = supabase.auth.getSession();
-      const timeoutPromise = new Promise((_, reject) => 
-        setTimeout(() => reject(new Error('Auth check timeout')), 5000)
-      );
-
-      const { data: { session }, error } = await Promise.race([authPromise, timeoutPromise]) as any;
-      
-      if (error) {
-        console.log('[LOGIN] Auth error:', error.message);
-        hideLoading();
-        authCheckInProgress = false;
-        return;
-      }
-
-      if (!session) {
-        console.log('[LOGIN] No active session, showing login form');
-        hideLoading();
-        authCheckInProgress = false;
-        return;
-      }
-
-      console.log('[LOGIN] Active session found, checking organization...');
-
-      // Check if user has an organization with timeout
-      const userPromise = supabase
-        .from('users')
-        .select('organization_id')
-        .eq('id', session.user.id)
-        .single();
-
-      const { data: userData, error: userError } = await Promise.race([
-        userPromise,
-        new Promise((_, reject) => 
-          setTimeout(() => reject(new Error('User data timeout')), 3000)
-        )
-      ]) as any;
-
-      if (userError) {
-        console.log('[LOGIN] User data error:', userError.message);
-        hideLoading();
-        authCheckInProgress = false;
-        return;
-      }
-
-      // Check for return URL parameter (support both 'returnTo' and 'redirect')
-      const urlParams = new URLSearchParams(window.location.search);
-      const returnTo = urlParams.get('returnTo') || urlParams.get('redirect');
-      
-      if (!userData?.organization_id) {
-        console.log('[LOGIN] No organization found, redirecting to onboarding');
-        safeRedirect('/onboarding/organization');
-      } else {
-        console.log('[LOGIN] Organization found, redirecting to', returnTo || '/dashboard');
-        safeRedirect(returnTo || '/dashboard');
-      }
-
-    } catch (error) {
-      console.error('[LOGIN] Auth check failed:', error);
-      hideLoading();
-      authCheckInProgress = false;
-    }
-  }
-
-  // Skip auth check on login page - let the form handle login flow
-  // Initial auth check with delay to prevent flashing
-  // setTimeout(() => {
-  //   checkAuthState();
-  // }, 100);
-  
-  // Just hide loading and show form immediately on login page
+  // On login page, immediately show the form since auth is handled by the login flow
+  // No need for auth checking on this page - users should be able to login regardless
   hideLoading();
 
 </script>
\ No newline at end of file