The cause of the problem was found.
As expected, it was a problem with IOS 12.0, 12,1 and framework meshing.
I’m using Spring Session for Session management, and SameSite:Lax was set by default.
IOS 12.0, 12 and 1 had a bug that caused the same behavior as “Strict”, ignoring the value of the SameSite setting.
The issue has been closed.
spring-session/spring-session-core/src/main/java/org/springframework/session at 2.2.0.RELEASE · spring-projects/spring-session · GitHub … /web/http/DefaultCookieSerializer.java#L88
@Bean
public CookieSerializer cookieSerializer() {
DefaultCookieSerializer serializer = new DefaultCookieSerializer();
serializer.setSameSite(null);
return serializer;
}
to not add the SameSite attribute itself, the behavior was as expected.