原因為 Cookie 缺少 SameSite 屬性。
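<system.webServer>
  <!--
    Requires the IIS URL Rewrite module. Without it IIS does not recognise the
    <rewrite> section and the site fails to load with a configuration error.
  -->
  <rewrite>
    <outboundRules>
      <!--
        Appends "; sameSite=Strict" to the outgoing Set-Cookie header so that
        browsers stop sending the cookie on cross-site requests.

        The precondition limits the rule to responses that actually set a
        cookie and whose cookie does not already declare SameSite:
          * a match on ".*" alone also succeeds on an empty value, which would
            emit a bogus "Set-Cookie: ; sameSite=Strict" header on responses
            that set no cookie;
          * a cookie that the application deliberately issued with its own
            SameSite value (for example None for an embedded or SSO flow)
            would otherwise end up with two conflicting SameSite attributes.

        Strict also withholds the cookie on top-level navigations that start
        on another site (links from e-mail, external login redirects). If
        those flows must keep the session, use Lax for the affected cookies.

        This rule only adds SameSite. It does not add Secure or HttpOnly, and
        it is defence in depth rather than a replacement for anti-forgery
        tokens on state-changing requests.

        NOTE(review): when a response sets several cookies, confirm that every
        Set-Cookie header comes back with the attribute.
      -->
      <rule name="sameSite" preCondition="missingSameSite">
        <match serverVariable="RESPONSE_Set_Cookie" pattern=".+" />
        <action type="Rewrite" value="{R:0}; sameSite=Strict" />
      </rule>
      <preConditions>
        <!-- All entries must hold (the default grouping is MatchAll). -->
        <preCondition name="missingSameSite">
          <!-- A Set-Cookie value is present at all. -->
          <add input="{RESPONSE_Set_Cookie}" pattern="." />
          <!-- No SameSite attribute yet; condition patterns ignore case by default. -->
          <add input="{RESPONSE_Set_Cookie}" pattern=";\s*SameSite\s*=" negate="true" />
        </preCondition>
      </preConditions>
    </outboundRules>
  </rewrite>
</system.webServer>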
使用 Postman 確認回應的 Set-Cookie 標頭已加上 SameSite 屬性。
