passportjs sends a cookie on each request

app.use(
    session({
        secret: process.env.SECRET,
        saveUninitialized: true,
        resave: true,
        cookie: { maxAge: 1000 * 60 * 60 * 24, path: '/', secure: false, httpOnly: false },
        store,
    })
);

passport.use(localStrategy);
passport.serializeUser((usr, done) => {
    done(null, usr);
});
passport.deserializeUser((usr, done) => {
    done(null, usr);
});

app.use(passport.initialize());
app.use(passport.session());

  router.post('/login', passport.authenticate('local'), (_, res)=>{res.json({msg: 'loged in'})});