#Failing to log data and fetching responses on Express

So I decided to create my very first own project using Spotify API. I followed a few tutorials and it started to require some knowledge in express that I didn't have, so I got this project from github (https://github.com/Bernz322/spotify-api-profile-app) and started refactoring it (simply just kept a few parts of it that dealt with the server side)
I managed to get some stuff done (link to it: https://github.com/Irismiranda/musiccircle), but I wanted to implement a state to login so users wouldn't simply use a url with someone else's token. So the idea was to set the state using cookies and check if the url state matched it every time a user tried to access a protected route.
It didn't work, but the real problem is that I can't find what's wrong specifically because console.logs from the server side aren't showing inside vs code, and I'm also getting errors (SyntaxError: Unexpected token '<', "<!DOCTYPE "... is not valid JSON)when trying to fetch data from the client side using res.json. Any idea what I'm doing wrong?

@merry talon That syntax error you're getting usually happens when you try to pass non-JSON data to a fetch request. Fetch requests usually will only accept JSON. Hard to give more information without seeing the whole code.

As for the login stuff, the way you're trying to do is it sounds very insecure to me. Cookies are stored in the web browser meaning they can easily be seen and used by hackers. Using that alone to authenticate someone is just asking for trouble.

If you're just starting out with backend stuff I would recommend using JWTs as a base level of security, then when you're more comfortable with backend you can progress to server-side session storage.

If you've never heard of JWTs before, here's a good video explanation about them. https://youtu.be/7Q17ubqLfaM?si=373Y22pyiu54DkZI