hooks.server.ts can no longer read cookies once auth/login api published to Azure vs localhost

[josephceth]

We have a web api backend where */api/auth/login returns secure HTTPOnly accessToken and refreshToken cookies. These cookies are read in hooks.server.ts via:

export const handle: Handle = async ({ event, resolve }) => {
	// get cookies from browser
	const accessToken = event.cookies.get('accessToken');
        const refreshToken = event.cookies.get('refreshToken')

C# CookieOptions

 private readonly CookieOptions accessCookieOptions = new CookieOptions
        {
            HttpOnly = true,
            Expires = DateTime.Now.AddMinutes(10),
            SameSite = SameSiteMode.Lax,
            Secure = true,
        };

Once the API was published to Azure, the site is still running on localhost, the accessToken and refreshTokens are not long getting set, event.cookies.get('accessToken') is undefined

I have confirmed via the site's swagger frontend, Postman, and Chrome Dev Tools that the cookies are being returned in the response.
I'm sure I have this setup incorrectly, but is there a reason it works when the API is running locally vs in Azure? Thanks!

[vecter]

I'm running into this issue also. I have the frontend code on Vercel talking to a backend REST API on Heroku. On a fresh page load (refreshing the page in the browser or typing the URL and pressing [Enter]), in the first time that handle runs, the cookies are not set. This is ruining my session-based auth check and route protection.