Flow endpoints use a session token cookie to establish the user’s authentication session and maintain the session throughout the workflow. However, a cookie is set only after the identity of the user has been partially established. Custom login application developers can handle cookies through a browser or, for non-browser authentication flows, in the same manner as a browser, by saving the cookies when returned in an HTTP response from PingOne, and including them on subsequent requests. Also, application developers should use the cookie handling features of the development platform or HTTP client library (or both) whenever possible.