happy-car-76302
03/12/2025, 3:04 PM
frontendApi to set the browser cookies manually in the client after creating a login flow on the server?
brief-egg-61061
03/12/2025, 3:04 PM
brief-egg-61061
03/12/2025, 3:04 PM
`Set-Cookie` header. This is the recommended approach as it handles all the security aspects (like `secure`, `httpOnly`, and `sameSite` flags) properly.

If you're trying to manually handle cookies between server and client, you'll need to:

1. When creating a login flow on the server, you'll receive cookies in the response that need to be forwarded to the client.
2. For subsequent requests from the client using the `frontendApi`, you must ensure cookies are included with requests, which can be done by setting the `withCredentials: true` option in the SDK configuration:

```javascript
import { Configuration, FrontendApi } from "@ory/client"

const frontend = new FrontendApi(
  new Configuration({
    basePath: "http://localhost:4000", // Your Ory URL
    baseOptions: {
      withCredentials: true,
    },
  }),
)
```

This configuration ensures that cookies are automatically sent with requests [Ory session](https://www.ory.sh/docs/kratos/session-management/overview#using-ory-session-cookie).

However, there's a challenge with this approach. The knowledge sources don't explicitly show a way to manually set cookies from the server to the client using the SDK. This is because:

1. Ory's security model relies on cookies being set by the browser directly from Ory's responses
2. Manually setting HTTP-only cookies from JavaScript isn't possible (by design for security)

A more standard approach would be to:

- Let the browser handle the initial login flow directly with Ory
- Or redirect the user to complete the flow in the browser after server-side initialization

If you're building a server-side rendered application, you should forward the cookies received from Ory when validating sessions [Migrate to Ory tutorial](https://www.ory.sh/docs/migrate-to-ory#integrate-backend).

The knowledge sources don't provide a direct method to manually set Ory cookies on the client side after server-side flow creation, as this would potentially circumvent security measures built into the cookie-based authentication model.