Alright, if anyone stumbles upon this problem, I'll leave here what solved it for me !

Thanks to @miken32's suggestion I dug a bit more towards the requests' authentication in etherpad and its cookie needs. The sessionID cookie is necessary to allow a user to open a pad, it's a security feature (enabled in settings.json by setting requireSession to true).

The cookie in my case is set in PHP :

setcookie("sessionID", $session_id, 0, '/p/' . $pad_id,"",true);

It turns out that Etherpad reads the path of the cookie from the domain itself : myapp.eu/p/$pad_id. My Etherpad instance is in a sublevel : myapp.eu/etherpad. So I just need to replace the "path" argument in set cookie with the relevant value (WITH a / at the beginning) :

setcookie("sessionID", $session_id, 0, '/etherpad/p/' . $pad_id,"",true);

Note that samesite and secure must be set to "None" and true respectively, be it through the cookie or settings.json.

Thanks miken32 for your suggestion !