
when your browse can not use cookie and you send a request with wrong token format in header, in old code will return msg with cookie token is empty in new code will return msg with auth header is invalid it just is a small bug, and almost impossible to show up