When going to immich public proxy (as an example) from a link from another app, the Set-Cookie header is set but when performing the window.reload the cookies are not sent within the request. See code : https://github.com/alangrainger/immich-public-proxy/blob/main/app/views/password.ejs#L49-L69 Reproduction steps : - have a link inside an app - click link - on site perform a request that returns a Set-Cookie header with sameSite=strict - perform a window.reload - check that cookie isn't sent The same steps where performed on different browsers (Samsung Browser, Firefox on windows) but all of them sent the cookies allowing the authentication. Is the behavior wanted ? From ietf it seems that is not a normal behavior : https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-2.1