diff --git a/frontend/e2e/auth.spec.ts b/frontend/e2e/auth.spec.ts
index 06c290f4..5e38e15b 100644
--- a/frontend/e2e/auth.spec.ts
+++ b/frontend/e2e/auth.spec.ts
@@ -48,6 +48,15 @@ test.describe('Authentication', () => {
 		await page.screenshot({ path: 'test-results/e2e/login-success.png' });
 	});
 
+	test('login establishes a session that authenticates API calls', async ({ page }) => {
+		// Guards against regressions where the session cookie is set but broken —
+		// a working URL redirect is not enough evidence that auth works end-to-end.
+		await login(page);
+		const response = await page.request.get('/api/users/me');
+		expect(response.ok()).toBe(true);
+		await page.screenshot({ path: 'test-results/e2e/auth-session-valid.png' });
+	});
+
 	test('logout clears the session and redirects to /login', async ({ page }) => {
 		await login(page);
 		// Logout is inside the user avatar dropdown — open it first