
Check cookies against a cross-site request [SameSite attribute]

Open · macbre opened this issue 3 years ago · 0 comments

Because a cookie's SameSite attribute was not set or is invalid, it defaults to SameSite=Lax, which prevents the cookie from being sent in a cross-site request. This behavior protects user data from accidentally leaking to third parties and cross-site request forgery.

Resolve this issue by updating the attributes of the cookie:

  • Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use.
  • Specify SameSite=Strict or SameSite=Lax if the cookie should not be sent in cross-site requests.
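A check of the kind this issue asks for, written as an added example rather than phantomas code: it parses Set-Cookie headers and reports cookies whose SameSite attribute is missing or invalid (so the browser falls back to Lax), and cookies that set SameSite=None without Secure (which Chrome rejects). The header values are constructed samples; the function names are this example's own.

```javascript
// Added example (not phantomas code): audit Set-Cookie headers for the
// SameSite attribute and report what the browser will do with each cookie.
const VALID_SAMESITE = new Set(['strict', 'lax', 'none']);

// Parse one Set-Cookie header value into { name, attributes }.
// Attribute names are case-insensitive, so they are lower-cased as keys;
// flag attributes without a value (Secure, HttpOnly) are stored as true.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eqIdx = pair.indexOf('=');
  const name = eqIdx >= 0 ? pair.slice(0, eqIdx) : pair;
  const attributes = {};
  for (const attr of attrs) {
    const eq = attr.indexOf('=');
    const key = (eq >= 0 ? attr.slice(0, eq) : attr).toLowerCase();
    attributes[key] = eq >= 0 ? attr.slice(eq + 1) : true;
  }
  return { name, attributes };
}

// Return the findings for one cookie; an empty list means it is fine.
function checkSameSite(header) {
  const { name, attributes } = parseSetCookie(header);
  const raw = attributes.samesite;
  const sameSite = typeof raw === 'string' ? raw.toLowerCase() : undefined;
  const findings = [];
  if (sameSite === undefined) {
    findings.push(`${name}: SameSite not set; browser defaults to Lax`);
  } else if (!VALID_SAMESITE.has(sameSite)) {
    findings.push(`${name}: invalid SameSite value "${raw}"; browser defaults to Lax`);
  } else if (sameSite === 'none' && !('secure' in attributes)) {
    findings.push(`${name}: SameSite=None without Secure; cookie will be rejected`);
  }
  return findings;
}

// Run the check over every Set-Cookie header seen for a page.
function auditCookies(headers) {
  return headers.flatMap(checkSameSite);
}

// Constructed sample headers standing in for a page's responses.
const SAMPLE_HEADERS = [
  'sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Strict',
  'tracker=xyz; Path=/; SameSite=None',
  'prefs=dark; Path=/',
  'legacy=1; Path=/; SameSite=Maybe',
];

console.log(auditCookies(SAMPLE_HEADERS).join('\n'));
```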

macbre avatar Sep 03 '20 10:09 macbre