Hello,
Thanks for a great package and documentation.
I want to propose a small clarification to the docs, related to recommending the use of the `lax` setting for the `same_site` key in Laravel's `config/session.php` file.
Why this came to my attention
I've been spending a couple of days trying to get the Microsoft provider to work flawlessly in a Laravel project, which uses Laravel Sanctum and session-driven authentication to provide the "local authentication" within the Laravel app. The Socialite Provider was working great in relation to authentication with Microsoft, and the callback worked without a hitch. But the redirect after logging the user into Laravel manually (using `Auth::login()`) resulted in being logged out of the Laravel application after redirection.
After an excruciating investigation spanning a couple of days, I found out that our `same_site` config setting was set to `strict`, which disallows any non-same-site navigation from setting the session cookie in Laravel. Since most of the Socialite Providers use OAuth2 to do the authentication, I suspect that this might be a problem many people would experience if their Laravel configuration differs from the default `lax` setting.
Since I haven't been able to find any readily available information for helping with this issue, I wanted to take the opportunity to direct your attention to it.
I'd be happy to create a PR for adding the necessary information to the documentation if you wish.
Regards
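A model of the browser rule behind this issue, added here as an example (it is not code from the issue or from Socialite Providers): whether a cookie marked `SameSite=Strict`, `Lax` or `None` accompanies a request, applied to constructed scenarios for an OAuth2 callback redirect versus a cross-site form POST.

```python
"""Simulate the browser's SameSite cookie-sending decision (added example)."""
from dataclasses import dataclass

# HTTP methods the SameSite=Lax rule treats as safe for cross-site top-level navigations.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass(frozen=True)
class Request:
    cross_site: bool            # initiated from a different site (e.g. the identity provider)
    top_level_navigation: bool  # a full-page navigation, not a fetch/img/iframe subresource
    method: str = "GET"


def cookie_sent(same_site: str, req: Request) -> bool:
    """Return True if a cookie with the given SameSite attribute is attached to `req`.

    Strict: never sent on cross-site requests.
    Lax:    sent cross-site only on top-level navigations with a safe method.
    None:   always sent (browsers also require Secure, not modelled here).
    """
    policy = same_site.lower()
    if not req.cross_site:
        return True
    if policy == "strict":
        return False
    if policy == "lax":
        return req.top_level_navigation and req.method.upper() in SAFE_METHODS
    if policy == "none":
        return True
    raise ValueError(f"unknown SameSite value: {same_site!r}")


# Constructed scenarios for a Laravel app that signs users in through an OAuth2 provider.
OAUTH_CALLBACK = Request(cross_site=True, top_level_navigation=True, method="GET")
CSRF_FORM_POST = Request(cross_site=True, top_level_navigation=True, method="POST")
LOCAL_REQUEST = Request(cross_site=False, top_level_navigation=False, method="POST")


def callback_keeps_session(same_site: str) -> bool:
    """Does the Laravel session cookie survive the redirect back from the provider?"""
    return cookie_sent(same_site, OAUTH_CALLBACK)


if __name__ == "__main__":
    for policy in ("strict", "lax"):
        print(f"same_site={policy}: callback keeps session={callback_keeps_session(policy)}, "
              f"cross-site form POST carries cookie={cookie_sent(policy, CSRF_FORM_POST)}")
```

With `lax`, the callback navigation keeps the session while a cross-site POST still arrives without the cookie, which is why it is the usual compromise between `strict` and `none`.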