• Strict cookies are not being sent by request after redirect

    Photo of ginger biscuits made using my gran's recipe

    It's now possible to make your cookies more secure and be explicit about what sites you want to be able to read them. So, I've been making most of the cookies I use have a SameSite policy of Strict. My understanding was that this would mean that only my site would be able to read them, which is exactly what I wanted. Except, they were even stricter than I expected and caused an unexpected side effect that made our site unusable.

    After making some changes to our login procedure, the site got stuck in an endless redirect loop. This is what was happening:

    The user logs in successfully using a …