Hello, Due to some mistakes in FE, we don't handle correctly cookie checking at FE, due to some actions like reset password or registration got error like this one:

{
  "code": 400,
  "status": "Bad Request",
  "reason": "A valid session was detected and thus recovery is not possible.",
  "message": "The request was malformed or contained invalid parameters"
}

I checked that there are 3 end points will check session:

.ory/kratos/public/self-service/login
.ory/kratos/public/self-service/recovery
.ory/kratos/public/self-service/registration

For login endpoint, I can bypass this check via "refresh=true" param, but there is no param to bypass this for 2 remaining endpoints. My question here is: Do we really need to have this check? I think the requirement to have that checking is from business team, some kind like: some companies will allow end-user to reset pass + register the new one while they're logged in (Gmail is an example, we don't need to logout and we can register new accounts) --> should we have configure to turn on/off this check for recovery + registration flow (or, have same param refresh=true for these 2 flows)?

I believe there's an open PR for this already!

let I check