Understanding was that OKTA had updated cookies to
SameSite=None for browsers that support. Not sure why Im not seeing these set from *.oktapreview.com w Firefox 71 and about:config changes set to true?
Hi @aversely,
Okta has indeed updated the cookies with SameSite=None, Secure=true attribute. What you’re seeing here is a behavior of firefox, which sets SameSite to “unset” even when the server sets it to “None”. I believe this is a bug in firefox. ( https://bugzilla.mozilla.org/show_bug.cgi?id=1550032 ?)
Notice that these cookies show Secure=true, which is required if SameSite=None.
Also, you can verify that the cookies are actually set to SameSite=None, by opening the same link in Chrome (with samesite flag enabled) and checking the value of SameSite attribute for these cookies.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.