Forbidden 403 caused by weird auth0_transient_0 persistent cookie (PHP, CI4)

I’m creating a (PHP) CodeIgniter4 application and want to integrate Auth0. I did it successfully in my local setup, but when exporting it to the remote server I keep getting this weird error: when Auth0 redirects to my Callback URL, it does so with this auth0_transient_0 cookie that somehow breaks something, and all of my app’s routes start only returning the 403 Forbidden error page.

If I delete the cookie manually, I can browse just fine, but as soon as I try to authenticate via Auth0, this cookie reappears and breaks my app. My Auth0 logs state that there was a successful login, so I don’t understand what may be causing the problem. ClientId, Secret, CookieSecret, RedirectUri, all fine, else I would get an error in my Auth0 logs.

What could be causing the problem? This cookie has values “tag”, “iv” and “data”.

I think this problem is being thrown by an encryption problem, or may well be because the cookie path is incorrect.

Did you check the domain and path of the cookie?

Yes I did. The domain is the same as my web app, and the path is ‘/’.

If it is an encryption issue, why is it breaking other routes?