I had it confirmed from Mendix support that this is a general issue for OIDC as well (also already included in the docs). It seems to affect most forms of SSO in 9.20+ . In my case, the ticket is open, awaiting a fix, and I rolled back my app to an older version in the meanwhile.
For those of you that are using the SAP XSUAA module, the support team has suggested a fix. You can change line 373 in the StartXsuaaIntegration.java file to the following. It worked for us.
response.addCookie(SESSION_ID_COOKIE_NAME, session.getId().toString(), "/", "", -1, true,true);