AntiPattern
Cookie Scope & SameSite Mismatch
cookie-samesite-domain-mismatch
Client sessions fail because cookies are not scoped to the right domain/subdomain or blocked by SameSite rules, so browsers omit auth state or fail WebSocket/redirect flows, breaking API calls and OAuth-style token exchange.