Hi, I'm facing a problem with the

st-auth-mode

request header. First, I do a signup request (using the email password recipe) where I set the header

st-auth-mode: cookie

. I then get a response with

Set-Cookie

headers for the access token and refresh token. This is as expected. Next, I do a signup request where I don't set the

st-auth-mode

header. I then get a response with both

Set-Cookie

headers and

st-access-token

and

st-refresh-token

headers. I do not expect to get the

Set-Cookie

headers. I do a signup request one more time, again without setting the

st-auth-mode

header. This time only the

st-access-token

and

st-refresh-token

headers are set. This is as expected. All signup requests I do afterwards without the

st-access-token

header give the same proper result. The second request should not have returned the

Set-Cookie

headers. Is this a known issue or am I doing something wrong?

its expected cause in the second request, the cookies from the first request must be going in the API, so our sdk clears those older cookies. Otherwise, you would still have those sAccessToken cookies from the older session interfering with the new tokens.