Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

I have an issue that I find hard to explain. 
Sometimes, the cookies get invalidated. 
We find that sometimes after we make changed to the deployments (unclear if it happens after changing our self hosted kratos or the front end), users would no longer be able to make any actions, including signing in. 
All actions would result in CSRF errors, and the only way we found to "fix" it is to clear the browser cookies for the problematic domain. 
This happens all the time but we just aren't able to pinpoint the cause. 
Has anyone experienced this?

Maybe there is a secret you keep overwriting/resetting when you deploy it?

Just on my mobile, but I thought there was a cookie/session thing maybe? Or maybe I am totally off.

What secret could it possibly be? I don't choose what gets written or removed, the ory client sdk does everything