Support SameSite cookie
#6

(This post was last modified: 03-27-2021, 07:52 AM by CINewb.)

Further to my comment above, I've since ditched the idea of extending the session class and have instead added the samesite cookie attribute to my core system file.  I know this is terrible practice but it was less messy than extending the session class, and I'm hoping the samesite attribute is included in a future patch/version, therefore rendering my change temporary.

I did this by modifying line 163 in /system/libraries/Session/Session.php from:

PHP Code:
// Original call: positional arguments, no way to pass SameSite
setcookie(
    $this->_config['cookie_name'],
    session_id(),
    (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']),
    $this->_config['cookie_path'],
    $this->_config['cookie_domain'],
    $this->_config['cookie_secure'],
    TRUE
);

to

PHP Code:
// Options-array form of setcookie() (PHP 7.3+), which accepts 'samesite'
setcookie(
    $this->_config['cookie_name'],
    session_id(),
    [
        'expires' => (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']),
        'path' => $this->_config['cookie_path'],
        'domain' => $this->_config['cookie_domain'],
        'secure' => $this->_config['cookie_secure'],
        'httponly' => TRUE,
        'samesite' => 'Lax',
    ]
);

Really the samesite attribute should be configurable rather than hardcoded, and again I realise changing core system files is generally not acceptable.  In our case I just want to set this attribute with as little fuss as possible, and hope for a more permanent solution in the future.

Note: The above also assumes you are on PHP 7.3 or higher.
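Added example (not part of the post above and not CodeIgniter's own code): one way to make the SameSite value configurable and still emit it on PHP older than 7.3, where setcookie() has no options array. The `cookie_samesite` config key, both function names and the sample config values are assumptions made for this illustration.

```php
<?php
// Added illustration; 'cookie_samesite' is a hypothetical config key.

/** Validate a configured SameSite value and return it in canonical case. */
function normalize_samesite($value, $secure)
{
    $allowed = ['lax' => 'Lax', 'strict' => 'Strict', 'none' => 'None'];
    $key = strtolower((string) $value);
    if (!isset($allowed[$key])) {
        throw new InvalidArgumentException('Invalid SameSite value: ' . $value);
    }
    // Browsers reject SameSite=None unless the cookie is also Secure.
    if ($key === 'none' && !$secure) {
        throw new InvalidArgumentException('SameSite=None requires cookie_secure = TRUE');
    }
    return $allowed[$key];
}

/** Send the session cookie with a SameSite attribute on any PHP version. */
function send_session_cookie(array $config, $session_id)
{
    $expires  = empty($config['cookie_lifetime']) ? 0 : time() + $config['cookie_lifetime'];
    $secure   = !empty($config['cookie_secure']);
    $samesite = normalize_samesite(
        isset($config['cookie_samesite']) ? $config['cookie_samesite'] : 'Lax', $secure);

    if (PHP_VERSION_ID >= 70300) {
        return setcookie($config['cookie_name'], $session_id, [
            'expires' => $expires, 'path' => $config['cookie_path'],
            'domain' => $config['cookie_domain'], 'secure' => $secure,
            'httponly' => TRUE, 'samesite' => $samesite,
        ]);
    }
    // PHP < 7.3: build the Set-Cookie header by hand instead.
    $header = 'Set-Cookie: ' . $config['cookie_name'] . '=' . rawurlencode($session_id);
    if ($expires > 0) { $header .= '; Expires=' . gmdate('D, d M Y H:i:s', $expires) . ' GMT'; }
    $header .= '; Path=' . $config['cookie_path'];
    if (!empty($config['cookie_domain'])) { $header .= '; Domain=' . $config['cookie_domain']; }
    if ($secure) { $header .= '; Secure'; }
    header($header . '; HttpOnly; SameSite=' . $samesite, FALSE); // FALSE: keep other cookies
    return TRUE;
}

// Constructed sample config, shaped like the $this->_config array in the post.
$config = ['cookie_name' => 'ci_session', 'cookie_lifetime' => 7200, 'cookie_path' => '/',
           'cookie_domain' => '', 'cookie_secure' => TRUE, 'cookie_samesite' => 'Lax'];
send_session_cookie($config, 'constructed-session-id');
```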


Messages In This Thread
Support SameSite cookie - by nicojmb - 03-12-2021, 07:45 AM
RE: Support SameSite cookie - by InsiteFX - 03-12-2021, 05:56 PM
RE: Support SameSite cookie - by nicojmb - 03-17-2021, 09:24 AM
RE: Support SameSite cookie - by kenjis - 03-17-2021, 05:10 PM
RE: Support SameSite cookie - by CINewb - 03-22-2021, 08:57 AM
RE: Support SameSite cookie - by CINewb - 03-27-2021, 07:50 AM


