diff --git a/handlers/google_auth.go b/handlers/google_auth.go
index af84223..f339540 100644
--- a/handlers/google_auth.go
+++ b/handlers/google_auth.go
@@ -219,10 +219,12 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
 }
 if !emailExists {
+ helper.LogError(errors.New("unregistered email"), "Google login attempt with unregistered email: "+email)
 if FetchedRedirectURI != nil && *FetchedRedirectURI != "" {
 RedirectURI := *FetchedRedirectURI
 log.Print("RedirectURI from query param: ", RedirectURI)
 if !IsAllowedRedirectURI(RedirectURI) {
+ helper.LogError(errors.New("unauthorized redirect uri"), "Blocked redirect URI for unregistered email: "+RedirectURI)
 helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized RedirectURI")
 log.Print("Unauthorized RedirectURI: ", RedirectURI)
 return
@@ -294,6 +296,7 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
 err = helper.LogLoginEventV2(userID, ipAddress)
 if err != nil {
+ helper.LogError(err, fmt.Sprintf("Failed to log login event. user_id=%s ip=%s", userID, ipAddress))
 helper.RespondWithError(w, http.StatusBadGateway, "Failed to Log Login Event")
 return
 }
@@ -304,6 +307,7 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
 RedirectURI := *FetchedRedirectURI
 log.Print("RedirectURI from query param: ", RedirectURI)
 if !IsAllowedRedirectURI(RedirectURI) {
+ helper.LogError(errors.New("unauthorized redirect uri"), "Blocked redirect URI after successful auth: "+RedirectURI)
 helper.RespondWithError(w, http.StatusUnauthorized, "Unauthorized RedirectURI")
 log.Print("Unauthorized RedirectURI: ", RedirectURI)
 return
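Review bot: The new LogError on the unregistered-email path writes `email`, and the one a few lines later writes `RedirectURI`, into the log message by plain concatenation; both are request-derived strings, so a value containing newlines or control characters can break or forge a log line, and `%q` formatting keeps that visible and harmless, e.g. `helper.LogError(errors.New("unregistered email"), fmt.Sprintf("Google login attempt with unregistered email: %q", email))`. An unregistered email is an expected client condition rather than a server fault, so LogWarn (which this file already uses in validateState) is arguably the right level, and wrapping it in a throwaway `errors.New` just to fit LogError's signature is a style smell; the same pattern recurs in the third hunk. The second LogError also duplicates the existing `log.Print("Unauthorized RedirectURI: ", RedirectURI)` two lines below, so one event lands twice in possibly different sinks, again mirrored in the third hunk after successful auth, and the second hunk's Sprintf would equally benefit from `%q` around `ipAddress` if that value can originate from a forwarded header. GoogleCallback begins and continues outside these hunks.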
@@ -324,12 +328,21 @@ func GoogleCallback(w http.ResponseWriter, r *http.Request) {
 func validateState(w http.ResponseWriter, r *http.Request) bool {
 cookie, err := r.Cookie("oauth_state")
- if err != nil || r.URL.Query().Get("state") != cookie.Value {
+ callbackState := r.URL.Query().Get("state")
+ if err != nil {
+ helper.LogError(err, "oauth_state cookie missing or unreadable during callback")
 helper.LogWarn(errorInvalidState)
 helper.RespondWithError(w, http.StatusUnauthorized, errorInvalidState)
 return false
 }
- helper.LogInfo(fmt.Sprintf("Cookie state: %s, Callback state: %s", cookie.Value, r.URL.Query().Get("state")))
+
+ if callbackState != cookie.Value {
+ helper.LogError(errors.New("oauth state mismatch"), fmt.Sprintf("OAuth state mismatch. cookie_state=%s callback_state=%s", cookie.Value, callbackState))
+ helper.LogWarn(errorInvalidState)
+ helper.RespondWithError(w, http.StatusUnauthorized, errorInvalidState)
+ return false
+ }
+ helper.LogInfo(fmt.Sprintf("Cookie state: %s, Callback state: %s", cookie.Value, callbackState))
 return true
 }
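Review bot: The mismatch branch logs both `cookie.Value` and `callbackState` in clear, and the retained LogInfo on the success path does too; the state value is the CSRF nonce protecting this login, so its value does not belong in logs — record only the fact, e.g. `helper.LogError(errors.New("oauth state mismatch"), "OAuth state mismatch between oauth_state cookie and callback query")`, and drop or reduce the success-path LogInfo. The comparison also accepts an empty string on both sides: as far as I can tell net/http returns an empty-valued `oauth_state` cookie without error, so if one is ever issued or left behind, a callback with no `state` parameter passes; reject that explicitly with `if callbackState == "" || subtle.ConstantTimeCompare([]byte(callbackState), []byte(cookie.Value)) != 1 {` (import `crypto/subtle`), which also replaces the plain `!=` with the conventional constant-time compare. Emitting LogError and then LogWarn for the same event, in both failure branches, records it twice at two severities; pick one. validateState is fully contained in this hunk.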