Specify same-site behaviour for cookies
Browsers are changing their behaviour regarding when and where they send cookies. This is a measure against Cross-Site Request Forgery. According to my browser console, we still do not specify anything about same-site cookies, but I think we should. I put together some information; the first link in particular is a very good explanation.
Information:
- https://web.dev/samesite-cookies-explained/
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
- https://www.heise.de/newsticker/meldung/Chrome-80-Einschraenkungen-fuer-Cookies-und-Adblocker-4652813.html
- https://www.heise.de/newsticker/meldung/Google-setzt-SameSite-Cookie-Attribute-in-Chrome-voruebergehend-zurueck-4697376.html