I have a Blazor Web App that uses cookie authentication (not the built-in Identity). I’m trying to understand why when I authenticate the user directly in the application, the authentication cookie is included in the response header and shows up in the browser cookies tab, but if I put the authentication logic, same code, behind an endpoint, then the cookie is not included anymore. To add more confusion, if I consume the endpoint from an external tool like Insomnia, http file or Postman, I can see the cookie in the response header, so it has to do with the client type.
This is Blazor Web App with global interactive auto, but I’m sure it doesn’t matter here.
Login component runs static SSR mode: