Update required for mythweb_id cookie (SameSite attribute) #72

Closed
mkbloke opened this issue Feb 25, 2022 · 0 comments · Fixed by #73

mkbloke commented Feb 25, 2022

Changes are coming in browsers relating to cookies that either do not specify SameSite or set SameSite=None on cookies.

Firefox can now show:

> Cookie “mythweb_id” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

in the console.

For further information, you can also refer to:

https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#fixing_common_warnings

One option is to specify the Secure attribute with the cookie when SameSite=None; the others are to specify either SameSite=Lax or SameSite=Strict. The former will only work for HTTPS connections, while the latter two will work for both HTTP and HTTPS connections. Given that I believe there is no requirement for a setting of either None or Lax, it seems easiest to implement Strict, which should allow folks to use either HTTP or HTTPS on their servers without problems and without additional code to determine which is in use (as would apply if SameSite=None and the Secure attribute were used).

I will submit a PR for this.
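The trade-off described in the issue can be checked mechanically. The following is an added example, not part of the issue or of MythWeb's code: a small lint that takes a `Set-Cookie` header value and the scheme the server is reached over, and reports whether the cookie hits the Firefox warning case or the HTTP-only limitation of `Secure`. The function names, verdict strings and cookie values are assumptions made for illustration.

```javascript
// Added example, not MythWeb code. Cookie values are constructed samples.

// Parse one Set-Cookie header value into the attributes the SameSite rules depend on.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=');
    const k = key.trim().toLowerCase();
    if (k === 'secure') cookie.secure = true;
    if (k === 'samesite') cookie.sameSite = value.trim().toLowerCase();
  }
  return cookie;
}

// Verdict for a cookie set by a server reached over `scheme` ('http' or 'https').
function lintSameSite(header, scheme) {
  const c = parseSetCookie(header);
  if (c.sameSite === null) return 'warn-samesite-missing';
  if (!['strict', 'lax', 'none'].includes(c.sameSite)) return 'warn-samesite-invalid';
  // The case in the Firefox warning: SameSite=None without Secure.
  if (c.sameSite === 'none' && !c.secure) return 'reject-none-without-secure';
  // Browsers do not accept a Secure cookie from a plain-HTTP response.
  if (c.secure && scheme === 'http') return 'reject-secure-over-http';
  return 'ok';
}

// Constructed samples covering the options listed in the issue.
const samples = [
  'mythweb_id=abc123; Path=/',
  'mythweb_id=abc123; Path=/; SameSite=None',
  'mythweb_id=abc123; Path=/; SameSite=None; Secure',
  'mythweb_id=abc123; Path=/; SameSite=Strict',
];

for (const header of samples) {
  for (const scheme of ['http', 'https']) {
    console.log(`${scheme.padEnd(5)} ${lintSameSite(header, scheme).padEnd(27)} ${header}`);
  }
}
```

Only the `SameSite=Strict` sample returns `ok` for both schemes without `Secure`, which matches the reasoning given for choosing Strict.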
