How can I use cookies to maintain login status using API login?

I use Weixin’s applet to log in to erpnext through the api. After successful login, I access api/resource/doctype and get the result “You do not have enough permissions to complete the action”. I add cookie information to the header, but the second API accesses the result cookie sid = Guest. The code is as follows:

wx.request({
	url: 'https://www.***.com/api/method/login?usr=Administrator&pwd=f55b49c5dd43add21794ab10',
	method: 'GET',
	success: function(res) {
		console.log(res);
		if (res && res.header && res.header['Set-Cookie']) {
			//successful login,
			// wx.setStorageSync('cookie_Key', res.header['Set-Cookie'].split("sid=")[1].split("; Expires=")[0]); //get sid
			wx.setStorageSync('cookie_Key', res.cookies); //get cookie
			wx.setStorageSync('cookie_token', res.data['csrf_token']); //get token
		}

		let cookie = wx.getStorageSync('cookie_Key');
		let token = wx.getStorageSync('cookie_token');
		let header = {
			'Content-Type': 'application/x-www-form-urlencoded'
		};
		// let header = { 'Content-Type': 'x-www-form-urlencoded;charset=UTF-8'};
		if (cookie) {
			header.cookies = cookie;
			header['Set-Cookie'] = cookie;
			header['X-Frappe-CSRF-Token'] = token;
			console.log(header);
		}

		wx.request({
			url: 'https://www.***.com/api/resource/User',
			method: "GET",
			headers: header,
			success: function(res) {
				console.log(res);
			},
			fail: function(err) {
				// fail
				console.log(err);
			}
		})
	},
	fail: function(err) {
		// fail
		console.log(err);
	}
})

Because of Wechat’s widget mechanism, cookies will not be stored automatically like browsers, and I need to store them myself. But how can I use the information in the cookies that I get when accessing the second api?

I found the code “frappe. request. cookies. get (‘sid’,‘Guest’)” for Sid in sessions. py, but I added cookies to the request header. Why didn’t I find them in print?

if (res && res.header && res.header['Set-Cookie']) {
	wx.setStorageSync('cookie_Key', res.header['Set-Cookie']);
	wx.setStorageSync('cookie_token', res.data['csrf_token']);
}

let cookie = wx.getStorageSync('cookie_Key');
let token = wx.getStorageSync('cookie_token');
let header = {
	'Content-Type': 'application/x-www-form-urlencoded'
};
// let header = { 'Content-Type': 'x-www-form-urlencoded;charset=UTF-8'};
if (cookie) {
	header.cookie = cookie;
	header['X-Frappe-CSRF-Token'] = token;
}
res.header['Set-Cookie'].replace(/ Path=\/,/g, "")

I succeeded. The cookie information saved needs to be removed from the path. Otherwise, the information obtained by the server is wrong. That’s how simple it is. It bothers me all day.