Setting cookies in the ASP.NET backend

Having dealt with security a lot in recent years, I know how much cookies affect a site's security, so I am particularly careful when writing cookie-related code.

I recently built a system that uses cookies in several places, so I set the cookie attributes uniformly to what I considered the safest state: httponly: true, secure: true, samesite: strict.

Then I found a problem with ajax requests. The server set the cookie in its response (the Set-Cookie header was present), but when I then requested another page, the cookie set through the ajax request was not sent along. Looking at the site's cookies in the browser's developer tools, I found it was not there. When I moved the same code into a normal page request, the cookie was set without any problem.

After repeated testing, I finally found that path and secure were causing the problem. Because I was testing locally, the site was served over http; with secure set to true, the cookie set via the ajax request was not stored for the site. In addition, path had not been set, which also kept the cookie from taking effect. In the end, setting secure to false and path to / made it work.
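The two causes found above can be reproduced with a small model of how a browser stores and matches cookies. This is an added example, not code from the original post: it implements the RFC 6265 default-path and path-match rules and the rule that a Secure cookie received over http is not stored. The URLs and the cookie name `sid` are constructed.

```javascript
// Added example; URLs and the cookie name are constructed for illustration.

// RFC 6265 section 5.1.4: path used when Set-Cookie has no Path attribute.
function defaultPath(requestPath) {
  if (!requestPath.startsWith("/")) return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does the cookie's path cover the request path?
function pathMatches(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Returns the cookie as the browser would store it, or null if rejected.
function storeCookie(responseUrl, attrs) {
  const u = new URL(responseUrl);
  // A Secure cookie received over plain http is not stored.
  if (attrs.secure && u.protocol !== "https:") return null;
  const path = attrs.path && attrs.path.startsWith("/")
    ? attrs.path : defaultPath(u.pathname);
  return { name: attrs.name, secure: Boolean(attrs.secure), path };
}

// Would the stored cookie be attached to a later request to requestUrl?
function isSent(cookie, requestUrl) {
  if (cookie === null) return false;
  const u = new URL(requestUrl);
  if (cookie.secure && u.protocol !== "https:") return false;
  return pathMatches(cookie.path, u.pathname);
}

// Set the cookie from the ajax endpoint, then load another page.
function scenario(scheme, attrs) {
  const cookie = storeCookie(`${scheme}://localhost/api/login`, attrs);
  return { storedPath: cookie ? cookie.path : null,
           sentToPage: isSent(cookie, `${scheme}://localhost/home/index`) };
}

console.log(scenario("http", { name: "sid", secure: true }));              // rejected
console.log(scenario("http", { name: "sid", secure: false }));             // path /api
console.log(scenario("http", { name: "sid", secure: false, path: "/" }));  // the post's fix
console.log(scenario("https", { name: "sid", secure: true, path: "/" }));  // over https
```

The last scenario shows that over https the original secure: true setting works once path is /, so secure: false is only needed while testing over http.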

Origin www.cnblogs.com/kuku/p/11897691.html