Yes I read the same. So the issue that I probably had is when you spam refresh the browser will cancel the last in progress request which contains the new cookie id. At that point the browser cookie id is not updated and that cookie id is invalidated