So, it seems like the core of this problem was caused by an HTTP call somewhere in between the HTTPS calls during the roundtrip. So, as soon as the HTTP call is made, the cookie is dropped because cookie.secure is set to true.
Setting cookie.secure to false, solved the problem. Now to figure out where the HTTP call happens. The origin site runs via HTTPS and everything is forced to be via HTTPS so, not sure if it could still happen(I guess it can), or whether this is on theAuth0 side somewhere.