
updated Plack/Middleware/Session/Cookie.pm attribute list to make SameSite=Lax appear #49

Open
gsteadwm opened this issue Mar 27, 2023 · 0 comments

First -- your software is awesome. Thank you.

I also apologize if this resulted from my misunderstanding. But to make SameSite=Lax appear in Set-Cookie, I updated lib/Plack/Middleware/Session/Cookie.pm like this:

5c5
< use Plack::Util::Accessor qw(secret session_key domain expires path secure httponly samesite
---
> use Plack::Util::Accessor qw(secret session_key domain expires path secure httponly
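Review bot: this diff is in reverse orientation: the `<` side is the edited file and the `>` side is the shipped one, so a maintainer applying it as a patch has to reverse it (or regenerate it with `diff -u` against the original). Substantively, adding `samesite` to the `Plack::Util::Accessor` list is required, since without the accessor the `samesite => 'Lax'` constructor argument has no method for the attribute-copy loop below to read.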
31c31
<     for my $attr (qw(session_key path domain expires secure httponly samesite)) {
---
>     for my $attr (qw(session_key path domain expires secure httponly)) {
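Review bot: `samesite` is forwarded here with no validation, so a typo or unsupported value reaches `Set-Cookie` unchanged, and `samesite => 'None'` combined with the default (unset) `secure` yields a cookie that current browsers reject. Consider checking the value against `Lax`, `Strict` and `None` in the constructor, and warning or dying when `None` is used without `secure => 1`.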
144c144
< =item session_key, domain, expires, path, secure, httponly, samesite
---
> =item session_key, domain, expires, path, secure, httponly
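Review bot: the diff only touches `Plack/Middleware/Session/Cookie.pm`, yet the report says `samesite` was missing in `Plack::Session::State::Cookie` too and was "added everywhere"; those hunks are needed for this `=item` to be true, so please include them. The POD entry should also state the accepted values (`Lax`, `Strict`, `None`) and that `None` only works together with `secure`.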

Background:

For security reasons our cookies must contain both SameSite and HttpOnly. I updated our .psgi like this:

    enable 'Session::Cookie',
      store    => 'File',
      secret   => 'top-secret',
      httponly => 1,              # security
      samesite => 'Lax',          # requires bugfix
      ;

However, only HttpOnly appeared in Set-Cookie:

Set-Cookie: plack_session=1679947687.28941%3ABQoDAAAAAQoUZDVhODVmMjNhMTQyMGU5Yzg0NDMAAAAKY3NyZl90b2tlbg%3D%3D%3Aed3d2d7ca08f109168b356aae8334d04b9619ffc; path=/; HttpOnly

I could not make the SameSite entry appear. I tried many permutations.

When I inspected Plack::Session::State::Cookie I realized that samesite was not listed alongside httponly. I added samesite everywhere, and voila, the flag immediately appeared!

Set-Cookie: plack_session=1679948062.33454%3ABQgDAAAAAQoUMzQ3MTU0NWUyZWZmNjUyYWJlZTIAAAAKY3NyZl90b2tlbg%3D%3D%3A2a82445e6fe462efebcf4b429b357bc279f5eb1b; path=/; SameSite=Lax; HttpOnly

Once again, I apologize if I misunderstood something here.

Have a great day, and thanks again for some amazing modules.
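The check below, added here as an illustration and not part of this issue or of Plack, parses `Set-Cookie` headers like the two quoted above and reports which session-cookie attributes are missing or unsafe; the cookie values are shortened constructed stand-ins, only the attribute lists match the report.

```python
# Constructed sample headers mirroring the issue: attributes are the ones
# reported before and after the samesite patch, cookie values are shortened.
BEFORE = "Set-Cookie: plack_session=1679947687.28941%3AAAAA; path=/; HttpOnly"
AFTER = "Set-Cookie: plack_session=1679948062.33454%3ABBBB; path=/; SameSite=Lax; HttpOnly"


def parse_set_cookie(header):
    """Return (name, value, attrs) for one Set-Cookie header.

    attrs maps lower-cased attribute names to their value, or True for
    flag attributes such as HttpOnly and Secure.
    """
    if header.lower().startswith("set-cookie:"):
        header = header.split(":", 1)[1]
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value, attrs


def check_session_cookie(header, require_secure=False):
    """Return a list of policy findings; an empty list means the cookie passes.

    The reporter's policy is HttpOnly plus SameSite; require_secure=True adds
    the Secure flag, which SameSite=None needs regardless of policy.
    """
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        findings.append("missing SameSite")
    elif samesite.lower() not in ("lax", "strict", "none"):
        findings.append(f"unknown SameSite value {samesite!r}")
    elif samesite.lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure")
    if require_secure and "secure" not in attrs:
        findings.append("missing Secure")
    return findings


if __name__ == "__main__":
    for label, hdr in (("before", BEFORE), ("after", AFTER)):
        print(label, check_session_cookie(hdr) or "ok")
```

Run it against a real response (`curl -sI` output) to confirm the patched middleware emits the expected attributes on every session cookie, not just the first one.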
