Set samesite on cookies.

Set the SameSite attribute on all cookies issed to Lax.

src/lua/endpoints/login_post.lua

@@ -35,7 +35,9 @@ local function login_post(req)
 		local hash = sha3(todigest)
 		if hash == passhash then
 			local mysession = session.start(id)
-			http_response_cookie(req,"session",mysession,"/",0,0)
+			http_response_header(req,"set-cookie",string.format(
+				[[session=%s; SameSite=Lax; Path=/; Domain=test.monster; HttpOnly; Secure]],mysession
+			))
 			local loc = string.format("https://%s.%s",name,config.domain)
 			http_response_header(req,"Location",loc)
 			http_response(req,303,"")