Use SameSite cookies for auth #284
Description
Use SameSite (first party) cookies for authentication unless specifically turned off for API or other types of integrations.
Support is currently around 57% so it can't be a measure to rely on, but can be an additional security measure: https://caniuse.com/#search=same-site