[NFR]: Cookies - SameSite #14627
Comments
@niden I'm a bit lost in this one. I think it's fixed in the 4.0.x branch and will be part of the 4.0.1 release right?
This one is a bit tricky. It needs a bit of work to be fixed but will not work for PHP 7.2 unless we break the interface (bc compatible). This is because I think we can fix it for 7.3 now and since we will be removing 7.2 in the near future we will be ok. Plus the HTTP layer will be rewritten so not a huge problem there.
Resolved in #14683
Is your feature request related to a problem? Please describe.
Chrome currently throws this error on cookies set with Phalcon:
"A cookie associated with a resource at was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at ."
It appears that the future release they are referring to is Chrome 80; I believe 79 is out now. Additionally, the ability to set the samesite attribute on your cookies is a way to prevent CSRF.
Describe the solution you'd like
I would like to see Phalcon's $cookie->set method support more options, but especially the samesite attribute.
Describe alternatives you've considered
The alternative method would be to rip out Phalcon's cookie management and use PHP's native one.
Additional context
Add any other context or screenshots about the feature request here.
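An added example, not part of the original issue and not Phalcon code: a hypothetical helper, `buildSetCookie()`, that builds a `Set-Cookie` header value by hand so the SameSite attribute does not depend on the PHP version, and that rejects the `SameSite=None` without `Secure` combination Chrome warns about. The cookie name, value and defaults below are constructed for illustration; on PHP 7.3 and later the native `setcookie()` also accepts an options array with a `samesite` key.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (assumption, not a Phalcon API): returns the value of a
// Set-Cookie header with a validated SameSite attribute.
function buildSetCookie(string $name, string $value, array $opts = []): string
{
    // Defaults chosen for this example: HttpOnly on, SameSite=Lax.
    $opts += ['expires' => 0, 'path' => '/', 'domain' => '',
              'secure' => false, 'httponly' => true, 'samesite' => 'Lax'];

    // Same characters PHP's setcookie() refuses in a cookie name.
    if ($name === '' || preg_match('/[=,; \t\r\n\013\014]/', $name)) {
        throw new InvalidArgumentException('invalid cookie name');
    }
    // Path and domain must not be able to smuggle in extra attributes.
    foreach (['path', 'domain'] as $key) {
        if (preg_match('/[;\r\n]/', (string) $opts[$key])) {
            throw new InvalidArgumentException("invalid cookie $key");
        }
    }
    // Normalise case, then allow only the three defined values.
    $sameSite = ucfirst(strtolower((string) $opts['samesite']));
    if (!in_array($sameSite, ['Strict', 'Lax', 'None'], true)) {
        throw new InvalidArgumentException('samesite must be Strict, Lax or None');
    }
    // The combination from the Chrome message: None is only valid with Secure.
    if ($sameSite === 'None' && !$opts['secure']) {
        throw new InvalidArgumentException('SameSite=None requires Secure');
    }

    $parts = [$name . '=' . rawurlencode($value)];
    if ((int) $opts['expires'] > 0) {
        $parts[] = 'Expires=' . gmdate('D, d M Y H:i:s', (int) $opts['expires']) . ' GMT';
    }
    $parts[] = 'Path=' . $opts['path'];
    if ($opts['domain'] !== '') { $parts[] = 'Domain=' . $opts['domain']; }
    if ($opts['secure'])        { $parts[] = 'Secure'; }
    if ($opts['httponly'])      { $parts[] = 'HttpOnly'; }
    $parts[] = 'SameSite=' . $sameSite;

    return implode('; ', $parts);
}

// Constructed sample: a cross-site cookie, which therefore must be Secure.
$header = buildSetCookie('session', 'abc123', ['secure' => true, 'samesite' => 'None']);
echo 'Set-Cookie: ' . $header . PHP_EOL;
// Inside a web request, send it with: header('Set-Cookie: ' . $header, false);
```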