I hope you can solve it very quickly. As my team, we decided not to convert our project 9.24 immeaditely. We follow the error situation between old versions and 9.24. It keeps us save for a while.
When we come to your problem, as you state there is a redirection to mendix build-in login page then you redirect your customized one. Probably it cause the changes XASSESSIONID in that time.
I hope that works for you. By the way, did you get any reply from mendix support?
We found the root cause and resolved:
Hint from: https://docs.mendix.com/partners/sap/sap-xsuaa-connector/#v920
API docs reference:
The last two boolean parameters is added for security enhancement:
isHttpOnly - set the HttpOnly attribute of the cookie
isHostOnly - prefix key with __Host-
response.addCookie(SESSION_ID_COOKIE_NAME, session.getId().toString(), "/", "", -1, true, true);