php -S 127.0.0.1:3000 ory proxy --port 4000 http://127.0.0.1:3000 https://test.knoxxa.digital nginx with proxy_pass http://127.0.0.1:4000/ (valid ssl certs and page loads without errors) 1. unable to get the "token" in the php (to logout) 2. unable to sign-in due to CRSF error: An error occurred with the following message: Please retry the flow and optionally clear your cookies. The request was rejected to protect you from Cross-Site-Request-Forgery (CSRF) which could cause account takeover, leaking personal information, and other serious security issues. 3. get this error if logged out, on the php log, it then redirects to https://test.knoxxa.digital/.ory/ui/login?flow=bdd4f395-0095-4fc4-87df-2116ab019765 then redirects to the following once i try to login: http://127.0.0.1:4000/.ory/ui/error?id=b26ee970-b1ad-486d-a287-c565a6c64661 [Thu Jan 26 080806 2023] Exception when calling toSession: [401] Client error:

GET <http://localhost:4000/.ory/sessions/whoami>

resulted in a

401 Unauthorized

response: {"error":{"code":401,"status":"Unauthorized","request":"ce03894d-0c02-97e1-8f6f-ecf2a1845b8e","reason":"No valid session (truncated...)

Hi @full-father-97136 I sent a message here which might help with this https://ory-community.slack.com/archives/C02MR4DEEGH/p1674743130057409?thread_ts=1674651209.690619&cid=C02MR4DEEGH To clarify, your PHP server should always include all cookies from the browser (ui) on each request to Ory e.g. a middleware inside your php application should forward any cookie headers to Ory. The domain is important here since it scopes the cookie. So if you are going to your PHP application (which provides the UI) on host localhost:3000 but Ory is mirrored on localhost:4000/.ory/ through the proxy then you should always be making requests to ory through the proxy. Example: 1. visit your php application through localhost:4000 (proxy) -> localhost:3000 (php server) 2. browser is now always on localhost:4000 3. any request you make from the browser to ory is now through localhost:4000/.ory/