I’ve been working for a while on a React application where I use Okta for authentication. Everything has always worked fine until this morning when I started getting this:
> Because a cookie’s `SameSite` attribute was not set or is invalid, it defaults to `SameSite=Lax`, which prevents the cookie from being set in a cross-site context. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.
>
> Resolve this issue by updating the attributes of the cookie:
>
> * Specify `SameSite=None` and `Secure` if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the `Secure` attribute.
> * Specify `SameSite=Strict` or `SameSite=Lax` if the cookie should not be set by cross-site requests.
The symptom is that I do the authentication normally but it doesn’t count. I also realized that many requests have been fired to the token endpoint.
My browser is at the same version it was yesterday and the code didn’t change. Is there any configuration of the environment I should be checking that could cause this? I’m using Okta classic.
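
The rules in the browser message quoted above can be checked against the `Set-Cookie` headers seen in the network tab. The following is an added example, not part of the original post and not Okta code; the cookie name `demo_session`, its values and the function names are constructed for illustration.

```javascript
// Added example: how a browser that defaults to SameSite=Lax treats a
// Set-Cookie header in a cross-site context. All sample values are constructed.

// Split one Set-Cookie header value into its name and an attribute map
// (attribute names lower-cased; flag attributes such as Secure map to true).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attributes = {};
  for (const attr of attrs.filter(Boolean)) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name: eq === -1 ? pair : pair.slice(0, eq), attributes };
}

// Apply the rules from the browser message to one header.
function auditCookie(header) {
  const { name, attributes } = parseSetCookie(header);
  const raw = String(attributes.samesite ?? "").toLowerCase();
  // A missing or unrecognised value falls back to Lax.
  const effective = ["strict", "lax", "none"].includes(raw) ? raw : "lax";
  const secure = "secure" in attributes;
  let crossSite = false;
  let finding;
  if (effective !== "none") {
    finding = raw === effective
      ? `SameSite=${raw} set explicitly: withheld from cross-site subrequests`
      : "SameSite missing or invalid: treated as Lax, blocked in cross-site contexts";
  } else if (!secure) {
    finding = "SameSite=None without Secure: cookie is rejected";
  } else {
    crossSite = true;
    finding = "SameSite=None; Secure: usable cross-site over HTTPS";
  }
  return { name, effective, secure, crossSite, finding };
}

// Constructed sample headers, one per case.
const samples = [
  "demo_session=abc123; Path=/; HttpOnly",
  "demo_session=abc123; Path=/; SameSite=Bogus",
  "demo_session=abc123; Path=/; SameSite=None",
  "demo_session=abc123; Path=/; Secure; HttpOnly; SameSite=None",
];
for (const h of samples) console.log(auditCookie(h));
```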