current_user is always flask_login.mixins.AnonymousUserMixin

[AppleBoiy]

I create a flask app as backend and react as frontend separately and when request to /login everything seems to be fine but when I tried to request to protected page when @auth_required("token", "session") and @cross_origin(supports_credentials=True) decorator its return

{
  "meta": {
    "code": 401
  },
  "response": {
    "errors": [
      "You are not authenticated. Please supply the correct credentials."
    ]
  }
}

this is log from my backend

2024-06-05 11:03:07 response True
2024-06-05 11:03:07 current_user <flask_login.mixins.AnonymousUserMixin object at 0xffffaf6437c0>

class ExtendedLoginForm(LoginForm):
    def validate(self):
        response = super(ExtendedLoginForm, self).validate()

        print("response", response)
        print("current_user", current_user)

        return response