I am facing an issue in an online payment portal: when redirecting from the merchant portal, the session times out in iOS 12 browsers. I suspect this is due to the SameSite attribute not being applied properly; currently it has been applied at the reverse proxy level. Are there any solutions for that?
I've provided some detail on this here: https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients
The summary is that you can either:
Set-cookie: 3pcookie=value; SameSite=None; Secure
Set-cookie: 3pcookie-legacy=value; Secure
On the receiving end, you can then check which cookie has been received. If the legacy cookie is present, then you know you are dealing with an older browser and can adjust accordingly.
User-Agent value. There's a regular expression you can use here: https://www.chromium.org/updates/same-site/incompatible-clients; however, any form of User-Agent detection will be fragile, so exercise caution.
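The two-cookie approach from the answer above, sketched for the server that issues and reads the session cookie. This is an added example, not code from the answer or from web.dev; the helper names, the `Path`/`HttpOnly` attributes and the sample headers are assumptions.

```javascript
// Added example: dual-cookie fallback for clients that mishandle SameSite=None.
// Cookie names follow the answer; helper names and sample values are hypothetical.
const LEGACY_SUFFIX = "-legacy";

// Response side: emit the same value twice, once with SameSite=None and once
// with no SameSite attribute at all. Path and HttpOnly are assumed additions.
function buildSetCookieHeaders(name, value) {
  const v = encodeURIComponent(value);
  return [
    `${name}=${v}; Path=/; HttpOnly; Secure; SameSite=None`,
    `${name}${LEGACY_SUFFIX}=${v}; Path=/; HttpOnly; Secure`,
  ];
}

// Parse a Cookie request header into a Map (first occurrence of a name wins).
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1) continue; // no "=" or empty name
    const key = part.slice(0, eq).trim();
    if (!key || jar.has(key)) continue;
    let val = part.slice(eq + 1).trim();
    try { val = decodeURIComponent(val); } catch { /* keep the raw value */ }
    jar.set(key, val);
  }
  return jar;
}

// Request side: prefer the SameSite=None cookie. If only the legacy cookie
// arrived, the client did not return the new one, so treat it as an older browser.
function readDualCookie(cookieHeader, name) {
  const jar = parseCookieHeader(cookieHeader);
  if (jar.has(name)) return { value: jar.get(name), legacyClient: false };
  const legacy = name + LEGACY_SUFFIX;
  if (jar.has(legacy)) return { value: jar.get(legacy), legacyClient: true };
  return { value: null, legacyClient: false };
}

// Constructed Cookie headers for the cross-site return from the payment page.
const SAMPLE_MODERN = "lang=en; 3pcookie=sess%2D42";
const SAMPLE_OLDER = "lang=en; 3pcookie-legacy=sess%2D42";

console.log(buildSetCookieHeaders("3pcookie", "sess-42"));
console.log(readDualCookie(SAMPLE_MODERN, "3pcookie"));
console.log(readDualCookie(SAMPLE_OLDER, "3pcookie"));
```

Both cookies carry the same session value, so the legacy one needs the same protection as the primary and both should be expired together at logout.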