diff --git a/internal/ws/handler.js b/internal/ws/handler.js
index cbe68da..deeed3f 100644
--- a/internal/ws/handler.js
+++ b/internal/ws/handler.js
@@ -30,10 +30,12 @@ export function setupWebSocket(server, hub, limiter) {
 
     // Hand over control to 'ws' library to complete the upgrade protocol handshake.
     wss.handleUpgrade(request, socket, head, (wsConn) => {
-      // Set remote address on socket mock for later client IP queries.
-      // This ensures we can resolve client IP even after connection is upgraded.
-      wsConn._socket = wsConn._socket || {};
-      wsConn._socket.remoteAddress = ip;
+      if (wsConn._socket) {
+        Object.defineProperty(wsConn._socket, 'remoteAddress', {
+          value: ip,
+          configurable: true
+        });
+      }
 
       // Instantiate a new Client wrapper.
       // Event listeners are automatically attached in the Client constructor.
diff --git a/internal/ws/hub.js b/internal/ws/hub.js
index 950d821..23a6dec 100644
--- a/internal/ws/hub.js
+++ b/internal/ws/hub.js
@@ -213,14 +213,14 @@ export class Hub {
     if (!client.userID) {
       if (base.type !== protocol.TypeAuthenticate) {
         client.send(protocol.newError(protocol.ErrTokenInvalid, 'Authentication required'));
-        client.close();
+        setTimeout(() => client.close(), 200);
         return;
       }
 
       const { session_id, user_id } = base;
       if (!session_id || !user_id) {
         client.send(protocol.newError(protocol.ErrTokenInvalid, 'Missing session_id or user_id'));
-        client.close();
+        setTimeout(() => client.close(), 200);
         return;
       }
 
@@ -228,13 +228,13 @@ export class Hub {
       const sess = this.store.getSession(session_id);
       if (!sess) {
         client.send(protocol.newError(protocol.ErrSessionNotFound, 'No active session found'));
-        client.close();
+        setTimeout(() => client.close(), 200);
         return;
       }
 
       if (sess.status === 'ended') {
         client.send(protocol.newError(protocol.ErrSessionNotFound, 'Session already ended'));
-        client.close();
+        setTimeout(() => client.close(), 200);
         return;
       }
 
@@ -244,19 +244,19 @@ export class Hub {
         role = 'driver';
         if (sess.driverConn) {
           client.send(protocol.newError(protocol.ErrSessionExists, 'Driver already connected'));
-          client.close();
+          setTimeout(() => client.close(), 200);
           return;
         }
       } else if (user_id === sess.passengerID) {
         role = 'passenger';
         if (sess.passengerConn) {
           client.send(protocol.newError(protocol.ErrSessionExists, 'Passenger already connected'));
-          client.close();
+          setTimeout(() => client.close(), 200);
           return;
         }
       } else {
-        client.send(protocol.newError(protocol.ErrUnauthorizedUser, 'User not authorized for this session'));
-        client.close();
+        client.send(protocol.newError(protocol.ErrUnauthorizedUser, `User not authorized for this session. Got: ${user_id}, expected driver: ${sess.driverID} or passenger: ${sess.passengerID}`));
+        setTimeout(() => client.close(), 200);
         return;
       }