Why are my users getting signed out by third-party cookie blocking?
If your frontend calls the Forte API directly, the session cookie is set on Forte's domain — a third-party cookie that modern browsers block. Every service reserves the /_forte path prefix for exactly this: point the SDK's baseUrl at https://your-service-domain/_forte and the cookie is set first-party on your own domain.
Only client-side (forte.users.*) routes travel through the prefix, and those requests don't count toward your service's logs or metrics.