chore: add required callouts

Author: HuiSF

src/pages/[platform]/build-a-backend/server-side-rendering/index.mdx

@@ -238,6 +238,8 @@ AMPLIFY_APP_ORIGIN=https://myapp.com
 
 Ensure this environment variables is accessible in your Next.js app's server runtime.
 
+> **Note:** Token cookies are transmitted via server-side authentication flows. In production environments, it is recommended to use HTTPS as the origin for enhanced security.
+
 **Step 2 - Export the `createAuthRouteHandlers` function**
 
 `createAuthRouteHandlers` function is created by the `createServerRunner` function call when you configure Amplify for server-side usage. You can export this function from your `amplifyServerUtils.ts` file. You can also configure cookie attributes with the `runtimeOptions` parameter.
@@ -303,6 +305,10 @@ With the above example, Amplify generates the following API routes:
 | `/api/auth/sign-in-callback`                        | Amazon Cognito Managed Login redirects users back to this route after signing in. Amplify exchanges auth tokens and stores them as HTTP-only cookies in the browser cookie store. |
 | `/api/auth/sign-out-callback`                       | Amazon Cognito Managed Login redirects an end user back to this router after signing out, Amplify revokes access token and refresh token and removes token cookies from browser cookie store. |
 
+> **Note:** A signing-out call involves multiple steps, including signing out from Amazon Cognito Managed Login, revoking tokens, and removing cookies. If the user closes the browser during the process, the following may occur:
+>
+> 1. auth token have not been revoked - user remains signed in
+> 2. auth token have been revoked but cookies have not been removed - cookies will be removed when the user visits the app again
 
 **Step 4 - Provide the redirect URLs to the Auth Resource in Amplify**
 

src/pages/gen1/[platform]/build-a-backend/server-side-rendering/nextjs/index.mdx

@@ -240,6 +240,8 @@ AMPLIFY_APP_ORIGIN=https://myapp.com
 
 Ensure this environment variables is accessible in your Next.js app's server runtime.
 
+> **Note:** Token cookies are transmitted via server-side authentication flows. In production environments, it is recommended to use HTTPS as the origin for enhanced security.
+
 **Step 2 - Export the `createAuthRouteHandlers` function**
 
 `createAuthRouteHandlers` function is created by the `createServerRunner` function call when you configure Amplify for server-side usage. You can export this function from your `amplifyServerUtils.ts` file. You can also configure cookie attributes with the `runtimeOptions` parameter.
@@ -305,6 +307,10 @@ With the above example, Amplify generates the following API routes:
 | `/api/auth/sign-in-callback`                        | Amazon Cognito Managed Login redirects users back to this route after signing in. Amplify exchanges auth tokens and stores them as HTTP-only cookies in the browser cookie store. |
 | `/api/auth/sign-out-callback`                       | Amazon Cognito Managed Login redirects an end user back to this router after signing out, Amplify revokes access token and refresh token and removes token cookies from browser cookie store. |
 
+> **Note:** A signing-out call involves multiple steps, including signing out from Amazon Cognito Managed Login, revoking tokens, and removing cookies. If the user closes the browser during the process, the following may occur:
+>
+> 1. auth token have not been revoked - user remains signed in
+> 2. auth token have been revoked but cookies have not been removed - cookies will be removed when the user visits the app again
 
 **Step 4 - Provide the redirect URLs to the Auth Resource in Amplify**