diff --git a/backend/src/app.module.ts b/backend/src/app.module.ts
index a40569e..c7bdb25 100644
--- a/backend/src/app.module.ts
+++ b/backend/src/app.module.ts
@@ -1,8 +1,7 @@
-import { Module, NestModule, MiddlewareConsumer } from '@nestjs/common';
+import { Module } from '@nestjs/common';
 import { ServeStaticModule } from '@nestjs/serve-static';
 import { ThrottlerModule } from '@nestjs/throttler';
 import { join } from 'path';
-import * as cookieParser from 'cookie-parser';
 import { PrismaModule } from './prisma/prisma.module';
 import { AuthModule } from './auth/auth.module';
 import { VaultModule } from './vault/vault.module';
@@ -28,9 +27,4 @@ import { RdpModule } from './rdp/rdp.module';
     }),
   ],
 })
-export class AppModule implements NestModule {
-  configure(consumer: MiddlewareConsumer) {
-    // Cookie parser for JWT-in-cookie auth (C-2)
-    consumer.apply(cookieParser()).forRoutes('*');
-  }
-}
+export class AppModule {}
diff --git a/backend/src/main.ts b/backend/src/main.ts
index 7495f47..00b6fb4 100644
--- a/backend/src/main.ts
+++ b/backend/src/main.ts
@@ -1,4 +1,5 @@
 import helmet from 'helmet';
+import * as cookieParser from 'cookie-parser';
 import { NestFactory } from '@nestjs/core';
 import { ValidationPipe } from '@nestjs/common';
 import { WsAdapter } from '@nestjs/platform-ws';
@@ -19,6 +20,7 @@ process.on('unhandledRejection', (reason: any) => {
 
 async function bootstrap() {
   const app = await NestFactory.create(AppModule);
+  app.use(cookieParser());
   app.use(helmet({
     contentSecurityPolicy: {
       directives: {