Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

When I call the `whoami` endpoint with the `X-Session-Token` set to `ory_st_7ek8qeAbffehkb9dGFoz1dWNZeVQuatd`it tells me
```{
  "error": {
    "code": 500,
    "status": "Internal Server Error",
    "message": "securecookie: base64 decode failed - caused by: illegal base64 data at input byte 36"
  }
}```
And the official API doc says the format is `MP2YWEMeM8MxjkGKpH4dqOQ4Q4DlSPaj` but on the rare occasions the Session Token is mentionned in the doc it says it is prefixed with `ory_st`.
I am quite confused and can't understand where to go from there...

The error 500 was coming from me trying to set a wrong "ory_kratos_session" cookie manually.