in your java action, check if you have something like that :
response.addCookie(XAS_SESSION_ID, session.getId().toString(), "/", "", -1,true);
response.addCookie(XAS_ID, "0." + Core.getXASId(), "/", "", -1,true);
You need to change it with something like that :
response.addCookie(XAS_SESSION_ID, session.getId().toString(), "/", "", -1,true,true);
response.addCookie(XAS_ID, "0." + Core.getXASId(), "/", "", -1,true,true);
I had the same issue when I upgraded my mendix app to 9.24.2