Oktapreview.com not setting sameSite=true cookie?

Understanding was that OKTA had updated cookies to
SameSite=None for browsers that support. Not sure why Im not seeing these set from *.oktapreview.com w Firefox 71 and about:config changes set to true?


Hi @aversely,

Okta has indeed updated the cookies with SameSite=None, Secure=true attribute. What you’re seeing here is a behavior of firefox, which sets SameSite to “unset” even when the server sets it to “None”. I believe this is a bug in firefox. ( https://bugzilla.mozilla.org/show_bug.cgi?id=1550032 ?)
Notice that these cookies show Secure=true, which is required if SameSite=None.

Also, you can verify that the cookies are actually set to SameSite=None, by opening the same link in Chrome (with samesite flag enabled) and checking the value of SameSite attribute for these cookies.