We’ve started seeing this warning in Firefox associated with calls to /api/v1/sessions/me:
Cookie “sid” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read Set-Cookie - HTTP | MDN
We’re also seeing the same warning with AppDynamics cookies (ADRUM_BTx, where “x” is something like “1” or “a”).
As far as I can tell, this issue is an Okta back end issue. I’ve tried updating our Okta widget to the latest 5.1.1 just in case it’s a front end issue, but that made no difference. Assuming I’m right about it being an issue on the back end, is this being addressed? And if it’s not on the back end, do I need to wait for a fix in the widget or is there something I need to do in my own code?
Thanks @Lijia, and sorry for the delay (was on PTO). I don’t think that quite addresses what my concern is though. The implication of that article is that if there was a problem with our use of Okta, logins should’ve started breaking with Chrome 80 a long time ago. That’s not the case. However, we are seeing warnings in Firefox (and only Firefox). If I’m somehow wrong about this, perhaps you could explain why we get this warning in Firefox and yet we haven’t had login problems in Chrome 80+ (let alone other browsers)?
@jeffs Could you please open a support ticket through an email to support@okta.com? One of our dev support engineers will help you review your code and browser settings.
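For anyone diagnosing the Firefox warning quoted in this thread, the following is an added example, not code from any poster or from Okta. It checks raw `Set-Cookie` header values for the condition the warning names (SameSite set to None or an invalid value, without Secure). The function names are hypothetical and the sample headers are constructed; a cookie with no SameSite attribute at all is a separate case and is not covered.

```javascript
// Added example: audit Set-Cookie header values for the condition in the
// Firefox warning (SameSite=None or an invalid value, without Secure).
const VALID_SAMESITE = new Set(["strict", "lax", "none"]);

// Parse one Set-Cookie value into { name, attrs }; attrs maps lower-cased
// attribute names to their values ("" for flag attributes such as Secure).
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  const name = eq === -1 ? first : first.slice(0, eq).trim();
  const attrs = new Map();
  for (const part of parts) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

// Return a finding string, or null when the cookie does not match the warning.
function checkCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  if (!attrs.has("samesite")) return null; // missing attribute: not covered here
  if (attrs.has("secure")) return null;    // Secure present: warning does not apply
  const raw = attrs.get("samesite");
  const sameSite = raw.toLowerCase();
  if (sameSite === "none") return `${name}: SameSite=None without Secure`;
  if (!VALID_SAMESITE.has(sameSite)) {
    return `${name}: invalid SameSite value "${raw}" without Secure`;
  }
  return null; // Strict or Lax without Secure is not what this warning is about
}

function auditSetCookies(headers) {
  return headers.map(checkCookie).filter((f) => f !== null);
}

// Constructed sample headers (placeholder values, not captured traffic).
const sampleHeaders = [
  "sid=PLACEHOLDER; Path=/; SameSite=None",
  "sid=PLACEHOLDER; Path=/; Secure; HttpOnly; SameSite=None",
  "example_pref=PLACEHOLDER; Path=/; SameSite=Nonee",
  "example_theme=dark; Path=/; SameSite=Lax",
];

console.log(auditSetCookies(sampleHeaders));
```

Feed it the `Set-Cookie` values copied from the browser's network panel for the response in question; a finding there means the attribute combination was sent by the server in that response.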