Cookie warning in Firefox

We’ve started seeing this warning in Firefox associated with calls to /api/v1/sessions/me:

Cookie “sid” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read Set-Cookie - HTTP | MDN

The associated header from that call is:

Set-Cookie: sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

We’re also seeing the same warning with AppDynamics cookies (ADRUM_BTx, where “x” is something like “1” or “a”).

As far as I can tell, this issue is an Okta back end issue. I’ve tried updating our Okta widget to the latest 5.1.1 just in case it’s a front end issue but that made no difference. Assuming I’m right about it being an issue on the back end, is this being addressed? And if it’s not on the back end, do I need to wait for a fix in the widget or is there something I need to do in my own code?
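An added example, not part of the original posts and not Okta's code: a small auditor that parses a Set-Cookie value and reports the attribute combination named in the warning text (SameSite set to None or an invalid value, without Secure). The function name `auditSetCookie` and its result shape are hypothetical; it reports which attributes are present and does not reproduce Firefox's own decision logic.

```javascript
// Values accepted for the SameSite attribute (compared case-insensitively).
const VALID_SAMESITE = new Set(["strict", "lax", "none"]);

// Parse one Set-Cookie header value and list attribute findings.
function auditSetCookie(headerValue) {
  const parts = headerValue.split(";").map((p) => p.trim()).filter(Boolean);
  const [pair, ...attrs] = parts;
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);

  let secure = false;
  let sameSite = null; // null means the attribute is absent
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const value = i === -1 ? "" : attr.slice(i + 1).trim();
    if (key === "secure") secure = true;
    if (key === "samesite") sameSite = value.toLowerCase();
  }

  const findings = [];
  const invalid = sameSite !== null && !VALID_SAMESITE.has(sameSite);
  if (sameSite === null) findings.push("no SameSite attribute");
  // Condition stated in the warning: None or invalid value, without Secure.
  if (!secure && (sameSite === "none" || invalid)) {
    findings.push("SameSite=None or invalid value without Secure");
  }
  if (!secure && sameSite === null) findings.push("no Secure attribute");
  return { name, secure, sameSite, findings };
}

// First value is the header from the post; the other two are constructed samples.
const samples = [
  'sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/',
  "sid=abc; Path=/; SameSite=None",
  "sid=abc; Path=/; Secure; SameSite=None",
];
for (const s of samples) {
  console.log(JSON.stringify(auditSetCookie(s)));
}
```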

@jeffs Please refer to the article here; this should help.

Thanks @Lijia, and sorry for the delay (was on PTO). I don’t think that quite addresses what my concern is though. The implication of that article is that if there was a problem with our use of Okta, logins should’ve started breaking with Chrome 80 a long time ago. That’s not the case. However, we are seeing warnings in Firefox (and only Firefox). If I’m somehow wrong about this, perhaps you could explain why we get this warning in Firefox and yet we haven’t had login problems in Chrome 80+ (let alone other browsers)?

@jeffs Can you please explain what warning you see? And the steps to reproduce? It would be better if we had a screenshot of the warning.

Sorry @Lijia! Somehow I didn’t realize you replied until just now. Here’s a screenshot:

It happens when our code calls “new OktaSignIn(config).authClient.session.get()” to see if an Okta session already exists.

@jeffs Could you please open a support ticket by emailing support@okta.com? One of our dev support engineers will help you review your code and browser settings.

Was this issue ever resolved? I’m experiencing the same issue with my React frontend (using okta-auth-js and okta-react)

Thanks!