I have implemented a same-site cookie which we use as SSO for our 3 web applications. When using them all with each other it works perfectly.
However, we have an external CRM where we link to a user in one of our applications, and whenever I redirect from that, the redirect link is set to cross-site and no longer reads the authentication cookie as it should.
How can I fix this problem?
More info:
We have a CRM with a link to our permalink project (this project has no authentication), which in turn redirects to our portal where they can view extra settings on a user which are unavailable in our CRM. Since the origin was from our CRM (not in the same domain) all requests after that are set to "Cross-site" instead of "same-site" or "none" and this is not stopping us from using this redirect.
Apparently it was as simple as setting samesite to lax instead of strict.
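The behaviour described in this post, as an added example that is not part of the original post: a simplified model of how a browser decides whether to attach a cookie, run against the CRM to permalink to portal redirect chain. The host names are constructed, and the site calculation (last two host labels instead of the Public Suffix List) is an assumption of the model.

```javascript
// Added example: simplified model of a browser's SameSite decision.
// Assumption: "site" is the last two host labels; real browsers use the
// Public Suffix List. All host names below are constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// initiator: URL of the page that started the navigation, or null when the
// user typed the address or used a bookmark (treated as same-site).
function cookieIsSent(sameSite, { initiator, target, method = "GET", topLevel = true }) {
  const sameSiteRequest = initiator === null || siteOf(initiator) === siteOf(target);
  switch (sameSite.toLowerCase()) {
    case "strict":
      return sameSiteRequest;
    case "lax":
      // Cross-site is allowed only for top-level navigations with a safe method.
      return sameSiteRequest || (topLevel && SAFE_METHODS.has(method.toUpperCase()));
    case "none":
      return true; // browsers additionally require the Secure attribute
    default:
      throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// A server redirect keeps the original initiator, so every hop in the chain
// is judged against the page the user clicked from.
function followChain(sameSite, initiator, hops) {
  return hops.map((target) => cookieIsSent(sameSite, { initiator, target }));
}

const CRM = "https://crm.example.net/contacts/42";
const CHAIN = [
  "https://permalink.example.com/u/42",   // no authentication, redirects on
  "https://portal.example.com/users/42",  // needs the SSO cookie
];

console.log("Strict:", followChain("Strict", CRM, CHAIN));
console.log("Lax:   ", followChain("Lax", CRM, CHAIN));
```

With Lax the cookie is still withheld on cross-site POSTs and on subresource or iframe requests, so state-changing endpoints keep that protection while the inbound link from the CRM works.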