We’ve started seeing this warning in Firefox associated with calls to /api/v1/sessions/me:
Cookie “sid” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
The associated header from that call is:
Set-Cookie: sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
We’re also seeing the same warning with AppDynamics cookies (ADRUM_BTx, where “x” is something like “1” or “a”).
As far as I can tell, this issue is an okta back end issue. I’ve tried updating our okta widget to the latest 5.1.1 just in case it’s a front end issue but that made no difference. Assuming I’m right about it being an issue on the back end, is this being addressed? And if it’s not on the back end, do I need to wait for a fix in the widget or is there something I need to do in my own code?