diff --git a/client/package-lock.json b/client/package-lock.json
index a973015b..529d9ec0 100644
--- a/client/package-lock.json
+++ b/client/package-lock.json
@@ -17,11 +17,12 @@
         "express": "^4.21.1",
         "jsonwebtoken": "^9.0.2",
         "mailtrap": "^3.4.0",
-        "mongoose": "^8.7.0",
+        "mongoose": "^8.7.2",
         "react": "^18.3.1",
         "react-dom": "^18.3.1",
         "react-router-dom": "^6.27.0",
-        "react-toastify": "^10.0.6"
+        "react-toastify": "^10.0.6",
+        "ws": "^8.18.0"
       },
       "devDependencies": {
         "@eslint/js": "^9.9.0",
@@ -4099,9 +4100,9 @@
       }
     },
     "node_modules/mongoose": {
-      "version": "8.7.0",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.7.0.tgz",
-      "integrity": "sha512-rUCSF1mMYQXjXYdqEQLLlMD3xbcj2j1/hRn+9VnVj7ipzru/UoUZxlj/hWmteKMAh4EFnDZ+BIrmma9l/0Hi1g==",
+      "version": "8.7.2",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.7.2.tgz",
+      "integrity": "sha512-Ok4VzMds9p5G3ZSUhmvBm1GdxanbzhS29jpSn02SPj+IXEVFnIdfwAlHHXWkyNscZKlcn8GuMi68FH++jo0flg==",
       "license": "MIT",
       "dependencies": {
         "bson": "^6.7.0",
@@ -5609,6 +5610,27 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/ws": {
+      "version": "8.18.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.0.tgz",
+      "integrity": "sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/yallist": {
       "version": "3.1.1",
       "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz",
diff --git a/client/package.json b/client/package.json
index cdd262d1..fa5563c9 100644
--- a/client/package.json
+++ b/client/package.json
@@ -19,11 +19,12 @@
     "express": "^4.21.1",
     "jsonwebtoken": "^9.0.2",
     "mailtrap": "^3.4.0",
-    "mongoose": "^8.7.0",
+    "mongoose": "^8.7.2",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "react-router-dom": "^6.27.0",
-    "react-toastify": "^10.0.6"
+    "react-toastify": "^10.0.6",
+    "ws": "^8.18.0"
   },
   "devDependencies": {
     "@eslint/js": "^9.9.0",
diff --git a/client/src/main.jsx b/client/src/main.jsx
index 600ea5d5..79ca5b10 100644
--- a/client/src/main.jsx
+++ b/client/src/main.jsx
@@ -12,3 +12,4 @@ createRoot(document.getElementById('root')).render(
     </BrowserRouter>
   </StrictMode>,
 )
+
diff --git a/client/src/pages/Chat.jsx b/client/src/pages/Chat.jsx
new file mode 100644
index 00000000..3109e604
--- /dev/null
+++ b/client/src/pages/Chat.jsx
@@ -0,0 +1,131 @@
+// import React, { useState, useEffect } from 'react';
+// import { useWebSocket } from './websocket_client';
+
+// const Chat = ({ userID }) => {
+//   const [toUser, setToUser] = useState('');
+//   const [messageContent, setMessageContent] = useState('');
+//   const [messages, setMessages] = useState([]);
+//   const socket = useWebSocket();
+
+//   useEffect(() => {
+//     if (socket) {
+//       socket.onmessage = (event) => {
+//         const message = JSON.parse(event.data);
+//         if (message.error) {
+//           console.error("Error:", message.error);
+//         } else {
+//           setMessages((prev) => [...prev, message]);
+//         }
+//       };
+//     }
+//   }, [socket]);
+
+//   const sendMessage = () => {
+//     if (socket && toUser && messageContent) {
+//       const message = { from: userID, to: toUser, content: messageContent };
+//       socket.send(JSON.stringify(message));
+//       setMessageContent('');
+//     }
+//   };
+
+//   return (
+//     <div>
+//       <div>
+//         <label>To User ID:</label>
+//         <input
+//           type="text"
+//           value={toUser}
+//           onChange={(e) => setToUser(e.target.value)}
+//         />
+//       </div>
+//       <div>
+//         <label>Message:</label>
+//         <input
+//           type="text"
+//           value={messageContent}
+//           onChange={(e) => setMessageContent(e.target.value)}
+//         />
+//         <button onClick={sendMessage}>Send</button>
+//       </div>
+//       <div id="chatBox" style={{ border: '1px solid black', height: '300px', overflowY: 'scroll' }}>
+//         {messages.map((msg, index) => (
+//           <div key={index}>
+//             <strong>{msg.from}</strong>: {msg.content} <em>({new Date(msg.timestamp).toLocaleTimeString()})</em>
+//           </div>
+//         ))}
+//       </div>
+//     </div>
+//   );
+// };
+
+// export default Chat;
+
+import React, { useState, useEffect } from 'react';
+
+const Chat = ({ userID }) => {
+  const [socket, setSocket] = useState(null);
+  const [toUser, setToUser] = useState('');
+  const [messageContent, setMessageContent] = useState('');
+  const [messages, setMessages] = useState([]);
+
+  useEffect(() => {
+    // Establish WebSocket connection
+    const ws = new WebSocket(`ws://localhost:8080?userID=${userID}`);
+    setSocket(ws);
+
+    ws.onopen = () => console.log("Connected to WebSocket server");
+
+    ws.onmessage = (event) => {
+      const message = JSON.parse(event.data);
+      if (message.error) {
+        console.error("Error:", message.error);
+      } else {
+        setMessages((prev) => [...prev, message]);
+      }
+    };
+
+    ws.onclose = () => console.log("Disconnected from WebSocket server");
+
+    // Cleanup on component unmount
+    return () => ws.close();
+  }, [userID]);
+
+  const sendMessage = () => {
+    if (socket && toUser && messageContent) {
+      const message = { from: userID, to: toUser, content: messageContent };
+      socket.send(JSON.stringify(message));
+      setMessageContent('');
+    }
+  };
+
+  return (
+    <div>
+      <div>
+        <label>To User ID:</label>
+        <input
+          type="text"
+          value={toUser}
+          onChange={(e) => setToUser(e.target.value)}
+        />
+      </div>
+      <div>
+        <label>Message:</label>
+        <input
+          type="text"
+          value={messageContent}
+          onChange={(e) => setMessageContent(e.target.value)}
+        />
+        <button onClick={sendMessage}>Send</button>
+      </div>
+      <div id="chatBox" style={{ border: '1px solid black', height: '300px', overflowY: 'scroll' }}>
+        {messages.map((msg, index) => (
+          <div key={index}>
+            <strong>{msg.from}</strong>: {msg.content} <em>({new Date(msg.timestamp).toLocaleTimeString()})</em>
+          </div>
+        ))}
+      </div>
+    </div>
+  );
+};
+
+export default Chat;
diff --git a/client/src/pages/Login.jsx b/client/src/pages/Login.jsx
index 2b385d33..0b0ea4be 100644
--- a/client/src/pages/Login.jsx
+++ b/client/src/pages/Login.jsx
@@ -84,7 +84,7 @@ function Login() {
         </div>
         <button type='submit'>Login</button>
         <span>Don't have an account?
-            <Link to="/register">Login</Link>
+            <Link to="/register">Sign up</Link>
         </span>
       </form>
       <ToastContainer />
diff --git a/client/websocket_client.js b/client/websocket_client.js
new file mode 100644
index 00000000..f0d124ff
--- /dev/null
+++ b/client/websocket_client.js
@@ -0,0 +1,67 @@
+// // // 
+
+// // const userID = 'user1'; // unique user ID
+// // const socket = new WebSocket(`ws://localhost:8080?userID=${userID}`);
+
+// // socket.onopen = () => {
+// //   console.log("Connected to the WebSocket server");
+// // };
+
+// // socket.onmessage = (event) => {
+// //   const message = JSON.parse(event.data);
+
+// //   if (message.error) {
+// //     console.error("Error:", message.error);
+// //   } else {
+// //     displayMessage(message);
+// //   }
+// // };
+
+// // socket.onclose = () => {
+// //   console.log("Disconnected from WebSocket server"); // we can also add reconnection logic if needed
+// // };
+
+// // function sendMessage(to, content) {
+// //   const message = { from: userID, to, content };
+// //   socket.send(JSON.stringify(message));
+// // }
+
+// // function displayMessage(message) {
+// //   const chatBox = document.getElementById('chatBox');
+// //   const messageElement = document.createElement('div');
+// //   messageElement.innerText = `[${message.from}] ${message.content} (${new Date(message.timestamp).toLocaleTimeString()})`;
+// //   chatBox.appendChild(messageElement);
+// // }
+
+// // // Sending a message
+// // document.getElementById('sendButton').onclick = () => {
+// //   const toUser = document.getElementById('toUser').value;
+// //   const messageContent = document.getElementById('messageContent').value;
+// //   sendMessage(toUser, messageContent);
+// // };
+
+// import React, { createContext, useContext, useEffect, useState } from 'react';
+
+// const WebSocketContext = createContext();
+
+// export const WebSocketProvider = ({ userID, children }) => {
+//   const [socket, setSocket] = useState(null);
+
+//   useEffect(() => {
+//     const ws = new WebSocket(`ws://localhost:8080?userID=${userID}`);
+
+//     ws.onopen = () => console.log("Connected to WebSocket server");
+//     ws.onclose = () => console.log("Disconnected from WebSocket server");
+//     setSocket(ws);
+
+//     return () => ws.close();
+//   }, [userID]);
+
+//   return (
+//     <WebSocketContext.Provider value={socket}>
+//       {children}
+//     </WebSocketContext.Provider>
+//   );
+// };
+
+// export const useWebSocket = () => useContext(WebSocketContext);
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 00000000..734d9065
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,6 @@
+{
+  "name": "main-project-team-66",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {}
+}
diff --git a/server/node_modules/.package-lock.json b/server/node_modules/.package-lock.json
index 064de9ae..63cace3c 100644
--- a/server/node_modules/.package-lock.json
+++ b/server/node_modules/.package-lock.json
@@ -268,9 +268,9 @@
       }
     },
     "node_modules/cookie": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
-      "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+      "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.6"
@@ -435,9 +435,9 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.0",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz",
-      "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz",
+      "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==",
       "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.8",
@@ -445,7 +445,7 @@
         "body-parser": "1.20.3",
         "content-disposition": "0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.6.0",
+        "cookie": "0.7.1",
         "cookie-signature": "1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
diff --git a/server/node_modules/cookie/HISTORY.md b/server/node_modules/cookie/HISTORY.md
deleted file mode 100644
index 41ae4b01..00000000
--- a/server/node_modules/cookie/HISTORY.md
+++ /dev/null
@@ -1,147 +0,0 @@
-0.6.0 / 2023-11-06
-==================
-
-  * Add `partitioned` option
-
-0.5.0 / 2022-04-11
-==================
-
-  * Add `priority` option
-  * Fix `expires` option to reject invalid dates
-  * perf: improve default decode speed
-  * perf: remove slow string split in parse
-
-0.4.2 / 2022-02-02
-==================
-
-  * perf: read value only when assigning in parse
-  * perf: remove unnecessary regexp in parse
-
-0.4.1 / 2020-04-21
-==================
-
-  * Fix `maxAge` option to reject invalid values
-
-0.4.0 / 2019-05-15
-==================
-
-  * Add `SameSite=None` support
-
-0.3.1 / 2016-05-26
-==================
-
-  * Fix `sameSite: true` to work with draft-7 clients
-    - `true` now sends `SameSite=Strict` instead of `SameSite`
-
-0.3.0 / 2016-05-26
-==================
-
-  * Add `sameSite` option
-    - Replaces `firstPartyOnly` option, never implemented by browsers
-  * Improve error message when `encode` is not a function
-  * Improve error message when `expires` is not a `Date`
-
-0.2.4 / 2016-05-20
-==================
-
-  * perf: enable strict mode
-  * perf: use for loop in parse
-  * perf: use string concatenation for serialization
-
-0.2.3 / 2015-10-25
-==================
-
-  * Fix cookie `Max-Age` to never be a floating point number
-
-0.2.2 / 2015-09-17
-==================
-
-  * Fix regression when setting empty cookie value
-    - Ease the new restriction, which is just basic header-level validation
-  * Fix typo in invalid value errors
-
-0.2.1 / 2015-09-17
-==================
-
-  * Throw on invalid values provided to `serialize`
-    - Ensures the resulting string is a valid HTTP header value
-
-0.2.0 / 2015-08-13
-==================
-
-  * Add `firstPartyOnly` option
-  * Throw better error for invalid argument to parse
-  * perf: hoist regular expression
-
-0.1.5 / 2015-09-17
-==================
-
-  * Fix regression when setting empty cookie value
-    - Ease the new restriction, which is just basic header-level validation
-  * Fix typo in invalid value errors
-
-0.1.4 / 2015-09-17
-==================
-
-  * Throw better error for invalid argument to parse
-  * Throw on invalid values provided to `serialize`
-    - Ensures the resulting string is a valid HTTP header value
-
-0.1.3 / 2015-05-19
-==================
-
-  * Reduce the scope of try-catch deopt
-  * Remove argument reassignments
-
-0.1.2 / 2014-04-16
-==================
-
-  * Remove unnecessary files from npm package
-
-0.1.1 / 2014-02-23
-==================
-
-  * Fix bad parse when cookie value contained a comma
-  * Fix support for `maxAge` of `0`
-
-0.1.0 / 2013-05-01
-==================
-
-  * Add `decode` option
-  * Add `encode` option
-
-0.0.6 / 2013-04-08
-==================
-
-  * Ignore cookie parts missing `=`
-
-0.0.5 / 2012-10-29
-==================
-
-  * Return raw cookie value if value unescape errors
-
-0.0.4 / 2012-06-21
-==================
-
-  * Use encode/decodeURIComponent for cookie encoding/decoding
-    - Improve server/client interoperability
-
-0.0.3 / 2012-06-06
-==================
-
-  * Only escape special characters per the cookie RFC
-
-0.0.2 / 2012-06-01
-==================
-
-  * Fix `maxAge` option to not throw error
-
-0.0.1 / 2012-05-28
-==================
-
-  * Add more tests
-
-0.0.0 / 2012-05-28
-==================
-
-  * Initial release
diff --git a/server/node_modules/cookie/index.js b/server/node_modules/cookie/index.js
index 03d4c386..51a58cbe 100644
--- a/server/node_modules/cookie/index.js
+++ b/server/node_modules/cookie/index.js
@@ -23,14 +23,66 @@ exports.serialize = serialize;
 var __toString = Object.prototype.toString
 
 /**
- * RegExp to match field-content in RFC 7230 sec 3.2
+ * RegExp to match cookie-name in RFC 6265 sec 4.1.1
+ * This refers out to the obsoleted definition of token in RFC 2616 sec 2.2
+ * which has been replaced by the token definition in RFC 7230 appendix B.
  *
- * field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
- * field-vchar   = VCHAR / obs-text
- * obs-text      = %x80-FF
+ * cookie-name       = token
+ * token             = 1*tchar
+ * tchar             = "!" / "#" / "$" / "%" / "&" / "'" /
+ *                     "*" / "+" / "-" / "." / "^" / "_" /
+ *                     "`" / "|" / "~" / DIGIT / ALPHA
  */
 
-var fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+var cookieNameRegExp = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
+
+/**
+ * RegExp to match cookie-value in RFC 6265 sec 4.1.1
+ *
+ * cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
+ * cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
+ *                     ; US-ASCII characters excluding CTLs,
+ *                     ; whitespace DQUOTE, comma, semicolon,
+ *                     ; and backslash
+ */
+
+var cookieValueRegExp = /^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u005D-\u007E]*\1$/;
+
+/**
+ * RegExp to match domain-value in RFC 6265 sec 4.1.1
+ *
+ * domain-value      = <subdomain>
+ *                     ; defined in [RFC1034], Section 3.5, as
+ *                     ; enhanced by [RFC1123], Section 2.1
+ * <subdomain>       = <label> | <subdomain> "." <label>
+ * <label>           = <let-dig> [ [ <ldh-str> ] <let-dig> ]
+ *                     Labels must be 63 characters or less.
+ *                     'let-dig' not 'letter' in the first char, per RFC1123
+ * <ldh-str>         = <let-dig-hyp> | <let-dig-hyp> <ldh-str>
+ * <let-dig-hyp>     = <let-dig> | "-"
+ * <let-dig>         = <letter> | <digit>
+ * <letter>          = any one of the 52 alphabetic characters A through Z in
+ *                     upper case and a through z in lower case
+ * <digit>           = any one of the ten digits 0 through 9
+ *
+ * Keep support for leading dot: https://github.com/jshttp/cookie/issues/173
+ *
+ * > (Note that a leading %x2E ("."), if present, is ignored even though that
+ * character is not permitted, but a trailing %x2E ("."), if present, will
+ * cause the user agent to ignore the attribute.)
+ */
+
+var domainValueRegExp = /^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
+
+/**
+ * RegExp to match path-value in RFC 6265 sec 4.1.1
+ *
+ * path-value        = <any CHAR except CTLs or ";">
+ * CHAR              = %x01-7F
+ *                     ; defined in RFC 5234 appendix B.1
+ */
+
+var pathValueRegExp = /^[\u0020-\u003A\u003D-\u007E]*$/;
 
 /**
  * Parse a cookie header.
@@ -39,107 +91,128 @@ var fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
  * The object has the various cookies as keys(names) => values
  *
  * @param {string} str
- * @param {object} [options]
+ * @param {object} [opt]
  * @return {object}
  * @public
  */
 
-function parse(str, options) {
+function parse(str, opt) {
   if (typeof str !== 'string') {
     throw new TypeError('argument str must be a string');
   }
 
-  var obj = {}
-  var opt = options || {};
-  var dec = opt.decode || decode;
+  var obj = {};
+  var len = str.length;
+  // RFC 6265 sec 4.1.1, RFC 2616 2.2 defines a cookie name consists of one char minimum, plus '='.
+  if (len < 2) return obj;
 
-  var index = 0
-  while (index < str.length) {
-    var eqIdx = str.indexOf('=', index)
+  var dec = (opt && opt.decode) || decode;
+  var index = 0;
+  var eqIdx = 0;
+  var endIdx = 0;
 
-    // no more cookie pairs
-    if (eqIdx === -1) {
-      break
-    }
+  do {
+    eqIdx = str.indexOf('=', index);
+    if (eqIdx === -1) break; // No more cookie pairs.
 
-    var endIdx = str.indexOf(';', index)
+    endIdx = str.indexOf(';', index);
 
     if (endIdx === -1) {
-      endIdx = str.length
-    } else if (endIdx < eqIdx) {
+      endIdx = len;
+    } else if (eqIdx > endIdx) {
       // backtrack on prior semicolon
-      index = str.lastIndexOf(';', eqIdx - 1) + 1
-      continue
+      index = str.lastIndexOf(';', eqIdx - 1) + 1;
+      continue;
     }
 
-    var key = str.slice(index, eqIdx).trim()
+    var keyStartIdx = startIndex(str, index, eqIdx);
+    var keyEndIdx = endIndex(str, eqIdx, keyStartIdx);
+    var key = str.slice(keyStartIdx, keyEndIdx);
 
     // only assign once
-    if (undefined === obj[key]) {
-      var val = str.slice(eqIdx + 1, endIdx).trim()
+    if (!obj.hasOwnProperty(key)) {
+      var valStartIdx = startIndex(str, eqIdx + 1, endIdx);
+      var valEndIdx = endIndex(str, endIdx, valStartIdx);
 
-      // quoted values
-      if (val.charCodeAt(0) === 0x22) {
-        val = val.slice(1, -1)
+      if (str.charCodeAt(valStartIdx) === 0x22 /* " */ && str.charCodeAt(valEndIdx - 1) === 0x22 /* " */) {
+        valStartIdx++;
+        valEndIdx--;
       }
 
+      var val = str.slice(valStartIdx, valEndIdx);
       obj[key] = tryDecode(val, dec);
     }
 
     index = endIdx + 1
-  }
+  } while (index < len);
 
   return obj;
 }
 
+function startIndex(str, index, max) {
+  do {
+    var code = str.charCodeAt(index);
+    if (code !== 0x20 /*   */ && code !== 0x09 /* \t */) return index;
+  } while (++index < max);
+  return max;
+}
+
+function endIndex(str, index, min) {
+  while (index > min) {
+    var code = str.charCodeAt(--index);
+    if (code !== 0x20 /*   */ && code !== 0x09 /* \t */) return index + 1;
+  }
+  return min;
+}
+
 /**
  * Serialize data into a cookie header.
  *
- * Serialize the a name value pair into a cookie string suitable for
- * http headers. An optional options object specified cookie parameters.
+ * Serialize a name value pair into a cookie string suitable for
+ * http headers. An optional options object specifies cookie parameters.
  *
  * serialize('foo', 'bar', { httpOnly: true })
  *   => "foo=bar; httpOnly"
  *
  * @param {string} name
  * @param {string} val
- * @param {object} [options]
+ * @param {object} [opt]
  * @return {string}
  * @public
  */
 
-function serialize(name, val, options) {
-  var opt = options || {};
-  var enc = opt.encode || encode;
+function serialize(name, val, opt) {
+  var enc = (opt && opt.encode) || encodeURIComponent;
 
   if (typeof enc !== 'function') {
     throw new TypeError('option encode is invalid');
   }
 
-  if (!fieldContentRegExp.test(name)) {
+  if (!cookieNameRegExp.test(name)) {
     throw new TypeError('argument name is invalid');
   }
 
   var value = enc(val);
 
-  if (value && !fieldContentRegExp.test(value)) {
+  if (!cookieValueRegExp.test(value)) {
     throw new TypeError('argument val is invalid');
   }
 
   var str = name + '=' + value;
+  if (!opt) return str;
 
   if (null != opt.maxAge) {
-    var maxAge = opt.maxAge - 0;
+    var maxAge = Math.floor(opt.maxAge);
 
-    if (isNaN(maxAge) || !isFinite(maxAge)) {
+    if (!isFinite(maxAge)) {
       throw new TypeError('option maxAge is invalid')
     }
 
-    str += '; Max-Age=' + Math.floor(maxAge);
+    str += '; Max-Age=' + maxAge;
   }
 
   if (opt.domain) {
-    if (!fieldContentRegExp.test(opt.domain)) {
+    if (!domainValueRegExp.test(opt.domain)) {
       throw new TypeError('option domain is invalid');
     }
 
@@ -147,7 +220,7 @@ function serialize(name, val, options) {
   }
 
   if (opt.path) {
-    if (!fieldContentRegExp.test(opt.path)) {
+    if (!pathValueRegExp.test(opt.path)) {
       throw new TypeError('option path is invalid');
     }
 
@@ -178,8 +251,7 @@ function serialize(name, val, options) {
 
   if (opt.priority) {
     var priority = typeof opt.priority === 'string'
-      ? opt.priority.toLowerCase()
-      : opt.priority
+      ? opt.priority.toLowerCase() : opt.priority;
 
     switch (priority) {
       case 'low':
@@ -234,17 +306,6 @@ function decode (str) {
     : str
 }
 
-/**
- * URL-encode value.
- *
- * @param {string} val
- * @returns {string}
- */
-
-function encode (val) {
-  return encodeURIComponent(val)
-}
-
 /**
  * Determine if value is a Date.
  *
@@ -253,8 +314,7 @@ function encode (val) {
  */
 
 function isDate (val) {
-  return __toString.call(val) === '[object Date]' ||
-    val instanceof Date
+  return __toString.call(val) === '[object Date]';
 }
 
 /**
diff --git a/server/node_modules/cookie/package.json b/server/node_modules/cookie/package.json
index 0c3f0063..f498ea75 100644
--- a/server/node_modules/cookie/package.json
+++ b/server/node_modules/cookie/package.json
@@ -1,7 +1,7 @@
 {
   "name": "cookie",
   "description": "HTTP server cookie parsing and serialization",
-  "version": "0.6.0",
+  "version": "0.7.1",
   "author": "Roman Shtylman <shtylman@gmail.com>",
   "contributors": [
     "Douglas Christopher Wilson <doug@somethingdoug.com>"
@@ -29,6 +29,7 @@
     "SECURITY.md",
     "index.js"
   ],
+  "main": "index.js",
   "engines": {
     "node": ">= 0.6"
   },
@@ -38,7 +39,6 @@
     "test": "mocha --reporter spec --bail --check-leaks test/",
     "test-ci": "nyc --reporter=lcov --reporter=text npm test",
     "test-cov": "nyc --reporter=html --reporter=text npm test",
-    "update-bench": "node scripts/update-benchmark.js",
-    "version": "node scripts/version-history.js && git add HISTORY.md"
+    "update-bench": "node scripts/update-benchmark.js"
   }
 }
diff --git a/server/node_modules/express/History.md b/server/node_modules/express/History.md
index 178e718f..924f1053 100644
--- a/server/node_modules/express/History.md
+++ b/server/node_modules/express/History.md
@@ -1,3 +1,8 @@
+4.21.1 / 2024-10-08
+==========
+
+* Backported a fix for [CVE-2024-47764](https://nvd.nist.gov/vuln/detail/CVE-2024-47764)
+
 4.21.0 / 2024-09-11
 ==========
 
diff --git a/server/node_modules/express/package.json b/server/node_modules/express/package.json
index f9b43a69..a36e593c 100644
--- a/server/node_modules/express/package.json
+++ b/server/node_modules/express/package.json
@@ -1,7 +1,7 @@
 {
   "name": "express",
   "description": "Fast, unopinionated, minimalist web framework",
-  "version": "4.21.0",
+  "version": "4.21.1",
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
   "contributors": [
     "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
@@ -33,7 +33,7 @@
     "body-parser": "1.20.3",
     "content-disposition": "0.5.4",
     "content-type": "~1.0.4",
-    "cookie": "0.6.0",
+    "cookie": "0.7.1",
     "cookie-signature": "1.0.6",
     "debug": "2.6.9",
     "depd": "2.0.0",
diff --git a/server/package-lock.json b/server/package-lock.json
index a0370a7e..059e51c0 100644
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -14,7 +14,7 @@
         "cookie-parser": "^1.4.7",
         "cors": "^2.8.5",
         "dotenv": "^16.4.5",
-        "express": "^4.21.0",
+        "express": "^4.21.1",
         "joi": "^17.13.3",
         "jsonwebtoken": "^9.0.2",
         "mongoose": "^8.7.0"
@@ -287,9 +287,9 @@
       }
     },
     "node_modules/cookie": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz",
-      "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==",
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.1.tgz",
+      "integrity": "sha512-6DnInpx7SJ2AK3+CTUE/ZM0vWTUboZCegxhC2xiIydHR9jNuTAASBrfEpHhiGOZw/nX51bHt6YQl8jsGo4y/0w==",
       "license": "MIT",
       "engines": {
         "node": ">= 0.6"
@@ -454,9 +454,9 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.0",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz",
-      "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==",
+      "version": "4.21.1",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz",
+      "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==",
       "license": "MIT",
       "dependencies": {
         "accepts": "~1.3.8",
@@ -464,7 +464,7 @@
         "body-parser": "1.20.3",
         "content-disposition": "0.5.4",
         "content-type": "~1.0.4",
-        "cookie": "0.6.0",
+        "cookie": "0.7.1",
         "cookie-signature": "1.0.6",
         "debug": "2.6.9",
         "depd": "2.0.0",
diff --git a/server/package.json b/server/package.json
index a3cf116e..7627961d 100644
--- a/server/package.json
+++ b/server/package.json
@@ -17,7 +17,7 @@
     "cookie-parser": "^1.4.7",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",
-    "express": "^4.21.0",
+    "express": "^4.21.1",
     "joi": "^17.13.3",
     "jsonwebtoken": "^9.0.2",
     "mongoose": "^8.7.0"
diff --git a/server/server.js b/server/server.js
index a641198f..f0df645f 100644
--- a/server/server.js
+++ b/server/server.js
@@ -4,8 +4,9 @@ const cors = require("cors");
 const dotenv = require("dotenv");
 const { connectDB } = require("./db/connectDB");
 const AuthRouter = require('./Routes/AuthRouter');
-
-
+const http = require('http'); // module added to create an HTTP server that both Express and WebSocket can use.
+//const setupWebSocket = require('./websocket'); // Importing the setupWebSocket function from the websocket.js file.
+const WebSocket = require('ws');
 
 // loading in the environment variables 
 dotenv.config()
@@ -15,6 +16,36 @@ const corsOptions = {
     origin: ("http://localhost:5173"),
 };
 
+const server = http.createServer(app); // creating an HTTP server using http.createServer(app).
+//const wss = setupWebSocket(server);// Set up WebSocket
+const wss = new WebSocket.Server({ port: 8080 });
+
+let clients = {};
+
+wss.on('connection', (ws, req) => {
+  const userID = req.url.split('userID=')[1];
+  clients[userID] = ws;
+
+  ws.on('message', (data) => {
+    const message = JSON.parse(data);
+    const { to, from, content } = message;
+
+    // Route the message to the intended recipient
+    if (clients[to]) {
+      clients[to].send(JSON.stringify({ from, content, timestamp: new Date() }));
+    } else {
+      ws.send(JSON.stringify({ error: 'User is not connected' }));
+    }
+  });
+
+  ws.on('close', () => {
+    delete clients[userID];
+  });
+});
+
+console.log("WebSocket server running on ws://localhost:8080");
+// Websocket integration 
+
 app.use(cors(corsOptions));
 app.use(bodyParser.json());
 app.use('/auth', AuthRouter);