[coder543]

This is such an opaque response, I don't know what else could be said. If you're sending the same token to multiple websites, something feels very wrong with that situation. If it's all the same website, you can have multiple backends "mounted" on different paths, and that won't cause any problems with a SameSite cookie.

[szastamasta]

Then you need a single point of failure that is handling session validation. Without it part of your app might work even without your sessions storage.

[coder543]

You can store a JWT in a session cookie. You don’t need a SPoF for session validation, if that’s not what you want.