Add configurable SameSite cookie option

src/Microsoft.AspNetCore.Session/SessionMiddleware.cs

@@ -153,6 +153,7 @@ private void SetCookie()
                 var cookieOptions = new CookieOptions
                 {
                     Domain = _options.CookieDomain,
+                    SameSite = _options.SameSiteMode,
                     HttpOnly = _options.CookieHttpOnly,
                     Path = _options.CookiePath ?? SessionDefaults.CookiePath,
                 };

src/Microsoft.AspNetCore.Session/SessionOptions.cs

@@ -36,6 +36,12 @@ public class SessionOptions
         /// </summary>
         public bool CookieHttpOnly { get; set; } = true;
 
+        /// <summary>
+        /// Determines if the browser should allow the cookie to be attached to same-site or cross-site requests. The
+        /// default is Lax, which means the cookie is allowed to be attached to same-site and safe cross-site requests.
+        /// </summary>
+        public SameSiteMode SameSiteMode { get; set; } = SameSiteMode.Lax;
+
         /// <summary>
         /// Determines if the cookie should only be transmitted on HTTPS requests. 
         /// </summary>