Recipes Core Pack · Auth

Add Auth (Session/Cookie)

This recipe helps validate cookie attributes, CORS, and client credential settings together.

Important

For cross-origin flows, always review `SameSite=None` together with `Secure=true`.

Cookie Auth Prompt

Copy and use

"I need to add session/cookie-based authentication. Create an implementation runbook with the constraints below. [Inputs] - Frontend origin: [FRONTEND_ORIGIN] - Backend origin: [BACKEND_ORIGIN] - HTTPS enabled: [true/false] - Cookie strategy: [httpOnly/session/refresh] - Backend stack: [FastAPI/Hono/Nest] [Output requirements] 1) Login/logout/session-check API design 2) Recommended CORS + cookie attributes (SameSite/Secure) 3) Client credentials configuration 4) Test scenarios 5) Common failure cases and fixes"

Copy this prompt and paste it into your AI chat.

Client Request Example

typescript

await fetch('https://api.example.com/session', {
  method: 'GET',
  credentials: 'include',
});

Execution Checklist

0/5 done

Design auth APIsDefine login/logout/session-check

Configure cookie attributesFinalize SameSite/Secure/httpOnly

Apply CORS policyValidate origin and credentials pairing

Set client behaviorEnable credentials in fetch/axios

Run integration checksReproduce in browser and deployed env

TL;DR

Use this section as a quick baseline for cookie/session auth changes.
Replace branch names, secrets, URLs, and thresholds with your team-specific values.

Prerequisites

Confirm repository and runtime access permissions.
Verify baseline commands (`install`, `build`, `test`) for local/CI.
Ensure environment variables, secrets, and deployment targets are up to date.

Steps

Lock the change goal and scope in one sentence.
Apply the core cookie/session auth changes changes in minimal commits.
Capture validation logs and immediately update checklist/docs.

Validation

Confirm build/test pass reproducibly on the current branch.
Run manual sample checks on critical user/operation flows.
Cross-check ko/en docs and links for intent consistency.

Troubleshooting

Capture logs, request payloads, and environment values first on failures.
Narrow down by permissions, env vars, routing, and build artifacts.
Record temporary mitigation and root-cause fix separately.

References

Auth Overview

Compare authentication approaches

Auth Cookie Errors

Diagnose cookie delivery issues

Last updated: February 22, 2026 · Version: v0.0.1

Send Feedback

Opens a new issue page with your message.

Open GitHub Issue