You should use the inspect tool at https://moleburrow.com/console/inspect to see the request and response headers. Everything will be clear there.
For ngrok, you can go to http://127.0.0.1:4040/inspect/http.

Make sure you use HTTPS; otherwise, the cookie will be ignored. Also, don’t use sameSite: 'none' if your backend and frontend are on the same domain.