A message from kapa.ai

The order of cookies when sending to Kratos APIs does not matter. According to the [Kratos API Reference](https://www.ory.sh/docs/kratos/reference/api), it is okay if more than one cookie is included in the request as all other cookies will be ignored. The important part is that the session cookie (

ory_kratos_session

) is included in the request. If you're experiencing issues, it might be due to other factors such as the cookie values being incorrect or expired, or issues with the domain or subdomain setup. For example, cookies work best on the same domain and it's not possible to get cookies running across Top Level Domains (TLDs). Make sure that your application and Ory Kratos Public API are available on the same domain. If they are on separate subdomains, you need to set the domain name in the Kratos config file under

session.cookie.domain

as mentioned in the [Kratos CSRF troubleshooting guide](https://www.ory.sh/docs/kratos/debug/csrf#running-on-separate-subdomains). If you're still having issues, you might want to check out the [CSRF troubleshooting guide](https://www.ory.sh/docs/troubleshooting/csrf#further-reading) for more information.

The order of cookies when sending to Kratos APIs does not matter. According to the [Kratos API Reference](https://www.ory.sh/docs/kratos/reference/api), it is okay if more than one cookie is included in the request as all other cookies will be ignored. The important part is that the session cookie (

ory_kratos_session

) is included in the request. If you are experiencing issues, it might be due to other factors such as the cookie values being incorrect or expired, or issues with the domain or subdomain setup as mentioned in the [CSRF troubleshooting guide](https://www.ory.sh/docs/kratos/debug/csrf#running-on-separate-subdomains). Please ensure that your application and Ory Kratos Public API are available on the same domain, and that the domain name is correctly set in the Kratos config file under

session.cookie.domain

.