@User btw, how did you manage session management before? I ask cause: - You can't use httpOnly cookies attached to one API since you have multple APIs. - Which means you must have stored the session tokens in localstorage? - If yes, that means in browsers like safari (due to their new privacy features), localstorage will get wiped out after 7 days of inactivity. This means users who use safari will get logged out if they don't visit your site once every 7 days.