diff --git a/src/main/java/uk/ac/ox/ctl/ltiauth/TomcatConfiguration.java b/src/main/java/uk/ac/ox/ctl/ltiauth/TomcatConfiguration.java
deleted file mode 100644
index a32689e..0000000
--- a/src/main/java/uk/ac/ox/ctl/ltiauth/TomcatConfiguration.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package uk.ac.ox.ctl.ltiauth;
-
-import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
-import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
-import org.springframework.boot.web.server.WebServerFactoryCustomizer;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * This is so that we set SameSite=None on our cookie so that things work in the cross domain setup.
- */
-@Configuration
-public class TomcatConfiguration {
-
- @Bean
- WebServerFactoryCustomizer cookieProcessorCustomizer() {
- return tomcatServletWebServerFactory -> {
- tomcatServletWebServerFactory.addContextCustomizers(context -> {
- Rfc6265CookieProcessor processor = new Rfc6265CookieProcessor();
- processor.setSameSiteCookies("None");
- context.setCookieProcessor(processor);
- });
- };
- }
-}
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 7ccb9de..e36c7a6 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -63,3 +63,5 @@ management.endpoints.web.exposure.include=health,sentry
 # disable by default
 spring.cloud.aws.secretsmanager.enabled=false
+# This is needed for the OAuth flow so that the cookie is sent in cross-origin requests.
+server.servlet.session.cookie.same-site=None
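Review bot: `server.servlet.session.cookie.same-site=None` applies only to the servlet session cookie, whereas the deleted `Rfc6265CookieProcessor` customizer applied SameSite=None to every cookie written through Tomcat, so any other cookie the cross-origin flow depends on (none is visible in this diff) would now get the browser's default SameSite handling. Browsers also drop `SameSite=None` cookies that are not marked `Secure`; unless it is already set outside this hunk, add `server.servlet.session.cookie.secure=true` beside the new line, which matters most when TLS terminates at a proxy and the container sees plain HTTP. The comment could also record the trade-off, e.g. `# SameSite=None: the session cookie is sent on cross-site requests, so CSRF protection must not rely on it.`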