I found the issue:
Apparently, cookies with the samesite attribute set to strict aren't handled very well in the context of progressive web applications. I configured the ASP.NET Identity Cookies to have samesite=lax, and problems disappeared.
Program.cs excerpt:
builder.Services.ConfigureApplicationCookie(o =>
{
    o.LoginPath = "/Identity/Account/Login";
    o.LogoutPath = "/Identity/Account/Logout";
    o.AccessDeniedPath = "/Identity/Account/AccessDenied";
    o.Cookie.MaxAge = TimeSpan.FromDays(6);
    o.Cookie.HttpOnly = true;
    o.Cookie.SameSite = SameSiteMode.Lax; // <=====
    o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    o.ExpireTimeSpan = TimeSpan.FromDays(6);
    o.SlidingExpiration = true;
});
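
One way to confirm that the deployed app really emits the cookie attributes configured above, as an added example that is not part of the original answer. It assumes the default Identity cookie name `.AspNetCore.Identity.Application`; the function name and the two header values are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Assumption: default name of the ASP.NET Core Identity application cookie.
AUTH_COOKIE = ".AspNetCore.Identity.Application"
EXPECTED_MAX_AGE = 6 * 24 * 60 * 60  # TimeSpan.FromDays(6), in seconds


def audit_set_cookie(header_value, name=AUTH_COOKIE):
    """Return a list of findings for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    if name not in jar:
        return [f"cookie {name} not present"]

    morsel = jar[name]
    findings = []

    # SameSite: the answer's configuration uses Lax.
    samesite = (morsel["samesite"] or "unset").lower()
    if samesite != "lax":
        findings.append(f"SameSite is {samesite}, expected lax")

    # Secure and HttpOnly are valueless flags; the parser stores True or ''.
    if not morsel["secure"]:
        findings.append("Secure flag missing")
    if not morsel["httponly"]:
        findings.append("HttpOnly flag missing")

    # Cookie.MaxAge is emitted as max-age in seconds.
    if morsel["max-age"] != str(EXPECTED_MAX_AGE):
        findings.append(f"max-age is {morsel['max-age'] or 'unset'}, "
                        f"expected {EXPECTED_MAX_AGE}")
    return findings


# Constructed sample headers (the cookie values are placeholders).
CONFIGURED = (".AspNetCore.Identity.Application=CfDJ8-constructed-value; "
              "max-age=518400; path=/; secure; samesite=lax; httponly")
DRIFTED = (".AspNetCore.Identity.Application=CfDJ8-constructed-value; "
           "max-age=518400; path=/; samesite=strict; httponly")

if __name__ == "__main__":
    for label, header in (("configured", CONFIGURED), ("drifted", DRIFTED)):
        print(label, audit_set_cookie(header) or "ok")
```

Feed it the `Set-Cookie` value captured from the login response (browser dev tools or a proxy) after each deployment, so a later change back to Strict or a dropped Secure flag is noticed.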