Settings in php.ini:
expose_php = Off
session.cookie_httponly = On
session.cookie_secure = On
session.cookie_samesite = Lax

if somewhere session.cookie_samesite = “none”
– The double quotes prevent interpretation ‘false’.
– Web browsers such as FireFox want secure to be enabled