Hello, we use Spring SAML. On successful authentication, and redirect to landing page, there is a jsessionId with no ‘SameSite’ set.
For Non-SAML, we use a successful authentication handler, to access the ‘jsessionId’ from the “Set-cookie” header in the response and add the samesite attribute.
For SAML with okta, there is no ‘Set-cookie’ header in the response.
My question is, is there a way to set the ‘Samesite’ attribute for the jsessionId? Why is the ‘set-cookie’ header not available on successful authentication.
Thanks in advance