In newer Firefox versions, but especially in Firefox 131 on Windows, the session cookies do not work properly when using HTTPS with an invalid SSL certificate (special exception).
In my test scenario, I use PHP to create a session cookie with the secure flag. This was not a problem in previous Firefox versions. It also still works in Chrome.
In addition, the official Mozilla documentation explicitly mentions an exception on localhost:
A cookie with the secure attribute is only sent to the server with an encrypted request via the HTTPS protocol. It is never sent with unsecured HTTP (except on localhost)...
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
Has there been any change in the latest Firefox versions or am I misinterpreting the documentation here?