Even though there is a cookie in the request, there is a set-cookie in each response.
Why not only set-cookie in the first response?
Thank you；
this my koa-session config:

and

FYI,

rolling: false,
/** (boolean) Force a session identifier cookie to be set on every response.
The expiration is reset to the original maxAge, resetting the expiration
countdown. (default is false) */