在我看来，您在身份验证后没有为每个请求提供身份验证信息.身份验证发生后，您能否验证每个请求都发送了一些会话cookie或身份验证标头?

It seems to me that you do not provide authentication information with each request after the authentication. Can you verify that you have some session cookie or authentication header sent with each request after the authentication happens?