CloudFlare does not send access token cookie

I have a website that has an API for the app (Android/iOS). The API has a login system with an access token. After enabling CloudFlare on my website, it doesn't send the access token cookie from the app, even though it logs in. Everything was working fine before enabling CloudFlare.

What are your HTTP response headers at the API?

​​​
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 6359…8-BGW
cf-request-id: 090bb631f6…0000000001
content-type: application/json
date: Thu, 25 Mar 2021 15:59:55 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7tn1LRl%2F…1cbt%2FdUeo…ewghCPed2pm%2Bmqg5lD…yYGzmihtteBxOqNiQtDnkXhM%2FREj"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/7.4.11

So, what was it about that particular cookie that made authentication simple for you & your users? I ask because you can always create your own Set-Cookie header with any values you’d like, though using a pseudo random number generator, idk, via Workers. If not, the process is simplified. There is always Cloudflare’s new mTLS for APIs, though I don’t know your setup.

When I log in, the site generates a JWT token for the user; in the app I send the JWT as the access_token cookie with each request.
