The error message you're receiving indicates that the flow cookie is missing in the request. This could be due to a number of reasons, such as running the OAuth2 flow in separate browsers, running multiple OAuth2 flows simultaneously, or changing the Cookie SameSite behavior. If you're building a server-side application, make sure to include the

Cookie

header from the client when fetching the self-service flows. Here's an example of how to do this:

javascript export default (req: Request, res: Response) => {    // ...    .getLoginFlow({ id: flow, cookie: req.header("cookie") })   }

Without forwarding the

Cookie

HTTP header you can't fetch the flow due to a security error. This prevents leaks of personal information when users copy and paste, for example, the login URL. Also, ensure that you have a cookie named

oauth2_authentication_session

for the URL Ory OAuth2 & OpenID Connect is running on, and for the domain that's in your

http://.../oauth2/sessions/logout

. For more details, you can refer to the [Ory troubleshooting guide](https://www.ory.sh/docs/troubleshooting/csrf) and the [Ory OAuth2 concepts documentation](https://www.ory.sh/docs/oauth2-oidc/overview/oauth2-concepts).