fix(ancpi): try HTTP URL for ePay session establishment

OpenAM goto URL is http://epay.ancpi.ro:80 (HTTP, not HTTPS).
Try multiple URL variants to establish JSESSIONID after OpenAM auth.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/modules/parcel-sync/services/epay-client.ts

@@ -216,14 +216,42 @@ export class EpayClient {
       throw new Error("ePay login failed (no session cookie)");
     }
 
-    // Navigate to ePay to establish JSESSIONID (if not already there)
-    const hasJsessionId = allCookies.some((c) => c.key === "JSESSIONID");
-    if (!hasJsessionId) {
-      await this.client.get(`${BASE_URL}/LogIn.action`, {
+    // Navigate to ePay to establish JSESSIONID
+    // CRITICAL: ePay's goto URL is HTTP (http://epay.ancpi.ro:80), not HTTPS.
+    // The AMAuthCookie must be sent to this exact URL for ePay to create a session.
+    const epayUrls = [
+      "http://epay.ancpi.ro:80/epay/LogIn.action",
+      "http://epay.ancpi.ro/epay/LogIn.action",
+      `${BASE_URL}/LogIn.action`,
+    ];
+
+    let jsessionEstablished = false;
+    for (const epayUrl of epayUrls) {
+      try {
+        const epayResponse = await this.client.get(epayUrl, {
           timeout: DEFAULT_TIMEOUT_MS,
           maxRedirects: 5,
           validateStatus: () => true,
         });
+        const epayHtml = String(epayResponse.data ?? "");
+
+        // Check if we got the logged-in page (has credit info or user menu)
+        if (
+          epayHtml.includes("credit") ||
+          epayHtml.includes("LogOut") ||
+          epayHtml.includes("Istoric")
+        ) {
+          jsessionEstablished = true;
+          console.log(`[epay] Session established via ${epayUrl}`);
+          break;
+        }
+      } catch {
+        // Try next URL
+      }
+    }
+
+    if (!jsessionEstablished) {
+      console.warn("[epay] Could not establish ePay session, but AMAuthCookie is set.");
     }
 
     console.log("[epay] Login successful.");