Is normal that a web site which use OpenID as SSO sends all the cookie without samesite header?


Is normal that a web site which uses OpenID as SSO sends all the cookie without samesite header?
Is this required in order to make OpenID work correctly?