SameSitesäännön

The SameSite cookie attribute is a security feature introduced to mitigate cross-site request forgery (CSRF) attacks. It provides developers with a mechanism to declare how a cookie should be sent with cross-site requests. The attribute can be set to one of three values: Strict, Lax, or None.

Strict is the most restrictive setting. When a cookie is set to Strict, it will only be

Lax is the default behavior in modern browsers for cookies that do not explicitly specify a SameSite

None requires explicit opt-in and is used when cookies are intended to be sent with all requests,

The SameSite attribute helps protect users from various types of attacks where malicious websites could trick