Weird behavior with setting cookies


I have 2 identical (clones) VMs, only the public IPs are different.
in Cloudflare DNS they are mapped under different domains, with their respective different IPs.

The same software runs on both of them, and during the login phase, the software sets a cookie named __Secure-next-auth.session-token, which contains a JWT token, identifying currently logged-in user.

The problem is that one machine is not setting that cookie, while the other one successfully does.

– How to debug that situation, check response headers, etc?
– Is there something like IP blacklist in Cloudflare for cookies?
– Is there any special handling for the cookies containing certain words in name or value?


Also, if I bypass Cloudflare proxy, and use it only as DNS, everything works.