In that case the cookie can at least be scoped to the login form with a Path attribute and limited to the current session, which these aren't. The cookies on https://sentry.io/auth/login/ set without user intervention are valid beyond the current browser session and two of them have durations of a year. One even has SameSite=Lax!
(It's also not clear to me that cookies are required, if there are other technically sound options that do this without setting cookies.)