Add SameSite=Lax to cookies to fix warnings in web browsers
Firefox 88.0.1 shows the following warning in Web Console.
Cookie “_redmine_session” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
According to https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#fixing_common_warnings, we have two options to fix the warning:
Secure attribute to the cookie
SameSite attribute to the value other than "None"
However, if you set the Secure attribute, Redmine cannot be used in non-HTTPS environments such as test environments and some on-premise servers. Therefore, I think it is preferable to set the SameSite attribute to something other than "None".