Maybe consider adding a note about setting

credentials include

for js clients to the cookies section. it takes some digging on slack to figure out why it doesn't work out of the box (https://github.com/ktorio/ktor/pull/4793, https://youtrack.jetbrains.com/issue/KTOR-539/Ability-to-use-browser-cookie-storage#focus=Comments-27-4775173.0-0)

I mean, that's not ktor-specific. That's just a web platform thing: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#including_credentials