What cookies do you set, and why?
When users look up their account, two cookies are set.
PHPSESSID allow a user to stay logged in without needing to resubmit their username and password for each page visited (it doesn’t contain any personal info, just a random key). This cookie expires when the user closes the browser.
jwt identifies the logged in user, and is used to send API requests to other GMB microservices. It’s valid for 24 hours then expires, and does not contain personal info.