When using Liferay recommended way to add SameSite: none to
JSESSIONID
cookie https://help.liferay.com/hc/en-us/articles/12648655215885-SameSite-cookie-attribute
it also affects other cookies (custom ones and Liferay ones like
"COMPANY_ID", "COOKIE_SUPPORT" etc
This is generally fine as far as I can tell.
The issue is if we also have https site and "secure"
attribute is added to the cookie. In such case adding cookie works but
removing it with CookiesManagerUtil#deleteCookies does not as the
deletion of cookie does not include secure=true attribute. Looking at
the code of CookiesManagerImpl#deleteCookies confirms that:
cookie.setSecure(secure);
is missing.
Tested with CE GA89 but same behavior is present on master branch: https://github.com/liferay/liferay-portal/blob/master/modules/apps/cookies/cookies-impl/src/main/java/com/liferay/cookies/internal/manager/CookiesManagerImpl.java#L222
