We use Okta for user authentication and authorization. As is known, during the authorization process, two sessions are created: one on the Okta side and the other on the app side. Accordingly, if a regular JSESSIONID is used, which is set in cookies during the /callback method call from Okta, all subsequent requests to the backend app will include this header, and the user can be authenticated.
However, we have decided to use Redis for session storage. Now the /callback from Okta somehow sets two SESSION cookies, with one of them being empty and appearing like this:
SESSION=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax
As a result, the subsequent requests do not have this ID in the cookies, and the user cannot be resolved. Has anyone encountered a similar issue?
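The Set-Cookie line quoted in the question can be checked mechanically rather than by eye. The script below is an added example, not code from the original post, from Okta or from Spring Session: it parses each Set-Cookie header value of one response (RFC 6265 syntax), flags the ones that are deletion instructions (Max-Age=0, or an Expires date already in the past) and then replays the headers in response order the way a browser does, so it shows which value for a given cookie name and path survives. The second header in CALLBACK_SET_COOKIE, with its made-up value, is constructed to stand in for a live session cookie; the first is the expiring one from the question.

```python
"""Classify the Set-Cookie headers a browser receives from an OIDC /callback.

Added diagnostic example (not code from the original post or from Okta /
Spring Session). Given the Set-Cookie header values from one response, it
parses each one (RFC 6265 syntax), flags the ones that are deletion
instructions (Max-Age=0 or an Expires date in the past), and replays them
in order the way a browser would, so you can see which value for a given
(name, path) survives after the response is processed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple


@dataclass
class SetCookie:
    name: str
    value: str
    attrs: Dict[str, str] = field(default_factory=dict)  # lower-cased attribute names

    @property
    def path(self) -> str:
        return self.attrs.get("path", "/")

    @property
    def is_deletion(self) -> bool:
        """True if a browser would remove the cookie rather than store it.

        Per RFC 6265, Max-Age takes precedence over Expires; Max-Age <= 0 or
        an Expires date that is already past means "expire immediately".
        """
        if "max-age" in self.attrs:
            try:
                return int(self.attrs["max-age"]) <= 0
            except ValueError:
                pass  # malformed Max-Age is ignored; fall through to Expires
        if "expires" in self.attrs:
            try:
                expires = parsedate_to_datetime(self.attrs["expires"])
            except (TypeError, ValueError):
                return False
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            return expires <= datetime.now(timezone.utc)
        return False


def parse_set_cookie(header: str) -> SetCookie:
    """Split one Set-Cookie header value into name, value and attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return SetCookie(name.strip(), value.strip(), attrs)


def effective_cookies(headers: List[str]) -> Dict[Tuple[str, str], Optional[str]]:
    """Replay Set-Cookie headers in response order as a browser would.

    A later header with the same name and path replaces the earlier one;
    a deletion header leaves None. Different paths are different cookies.
    """
    jar: Dict[Tuple[str, str], Optional[str]] = {}
    for header in headers:
        cookie = parse_set_cookie(header)
        jar[(cookie.name, cookie.path)] = None if cookie.is_deletion else cookie.value
    return jar


def describe(headers: List[str]) -> List[str]:
    """One human-readable line per header, for pasting into a bug report."""
    lines = []
    for header in headers:
        cookie = parse_set_cookie(header)
        verdict = "DELETES" if cookie.is_deletion else "SETS"
        lines.append(f"{verdict} {cookie.name} (Path={cookie.path}) value={cookie.value!r}")
    return lines


# Constructed sample: Set-Cookie headers of a hypothetical /callback response.
# The first line is the expiring cookie quoted in the post; the second, with a
# made-up value, stands in for a live Spring Session cookie.
CALLBACK_SET_COOKIE = [
    "SESSION=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax",
    "SESSION=ZXhhbXBsZS1zZXNzaW9uLWlk; Path=/; HttpOnly; SameSite=Lax",
]

if __name__ == "__main__":
    for line in describe(CALLBACK_SET_COOKIE):
        print(line)
    print("surviving cookies:", effective_cookies(CALLBACK_SET_COOKIE))
    # Same two headers in the opposite order: the deletion wins and the
    # browser sends no SESSION cookie on the next request.
    print("reversed order:", effective_cookies(list(reversed(CALLBACK_SET_COOKIE))))
```

Two things the replay makes visible that a glance at the network tab does not: the order of the two SESSION headers in the response decides whether the browser ends up with a cookie or with nothing (a deletion that comes after the live cookie, for the same name and path, removes it), and a deletion header with a different Path would not touch the live cookie at all, so comparing the Path attributes of both headers is the first check worth making.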