We have a singe-page application hosted on web server, REST APIs are hosted on app server (no internet). For API calls from browser, we have setup reverse proxy on the web server. ; also setup ARR-Forward proxy on web server, to make outbound calls to Okta (to generate access token) from App server. The token that gets generated is used to protect our endpoints; but we are running into an issue that invalidates the access token. It looks like there is some issue related to cookies that Okta generates. For some reason, API endpoint call from browser does not read cookie information, and hence the call fails. (HttpContext.User.IsAuthenticated = false). Could you please guide. I am reading several articles, that say Proxy and Cookies do not go along, and to make it work, we could use outbound rule on URL Rewrite on Reverse Proxy. That does not seem to work either for me. Could someone help me know if it is known issue.