Since we don’t need the cookie on all path URLs we can set the path on at least cs_jwt_refresh and cs_jwt to be applicable only on `/api`
Tested this in couple of minutes, and it doesn’t include the cookie in static assets requests
There’s a problem with something on landing page, all requests are throwing Invalid JWT token - invalid jwt string but only on landing page -> RHCLOUD-20451
Potential problem with different paths
If some app will fire request on different path other than /api we’d have to duplicate the JWT cookie
Will push the problem to server side itself
If the header size is larger than the expected value on API server it will blow once again -> RHCLOUD-20452
Story
Major
