This repository has been archived by the owner on Nov 30, 2021. It is now read-only.

Update Cookies #69

Open
keckelt opened this issue Nov 19, 2020 · 1 comment

Comments

@keckelt
Member

keckelt commented Nov 19, 2020

branch: develop

Possible future bug 🐛

I got the following warnings in Firefox when logging in:

Via the frontend (e.g., localhost:8080):

Cookie “session” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Via the backend (e.g., localhost:9000/login):

11:12:44.254 Cookie “_xsrf” will be soon treated as cross-site cookie against “http://localhost:9000/login” because the scheme does not match. 
11:12:44.254 Cookie “jweToken” will be soon treated as cross-site cookie against “http://localhost:9000/login” because the scheme does not match. 
11:12:44.254 Cookie “remember_token” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 
11:12:44.254 Cookie “session” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 
11:12:44.254 Cookie “_xsrf” will be soon treated as cross-site cookie against “http://localhost:9000/login” because the scheme does not match. 
11:12:44.254 Cookie “jweToken” will be soon treated as cross-site cookie against “http://localhost:9000/login” because the scheme does not match.

Some warnings relate to the issue also described in datavisyn/phovea_security_store_generated#34.

@keckelt
Member Author

keckelt commented Nov 19, 2020

I didn't get how/where those cookies are set.

The login form is at: https://github.com/phovea/phovea_security_flask/blob/master/src/base/LoginUtils.ts
The UserSession class in Phovea Core: https://github.com/phovea/phovea_core/blob/develop/src/app/UserSession.ts
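
An added example, not part of the original issue or the Phovea code: a small Python audit of `Set-Cookie` header values for the SameSite/Secure combination named in the warnings above. The header values are constructed (only the cookie names come from the issue), and treating a missing `SameSite` attribute the same as `None` is an assumption of this check, not a statement of Firefox's exact logic.

```python
# Added example: flag cookies that lack "Secure" while their SameSite
# attribute is None, unrecognised, or (by assumption) missing.
VALID_SAMESITE = {"strict", "lax", "none"}

# Constructed sample headers; only the cookie names come from the issue.
SAMPLE_HEADERS = [
    "session=constructed-value; HttpOnly; Path=/",
    "remember_token=constructed-value; Expires=Fri, 19 Nov 2021 10:12:44 GMT; Path=/; SameSite=None",
    "_xsrf=constructed-value; Path=/; SameSite=Lax",
    "jweToken=constructed-value; Path=/; Secure; SameSite=None",
    "session=constructed-value; Path=/; SameSite=bogus",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, attrs


def samesite_state(attrs):
    """Return 'missing', 'invalid', or the normalised SameSite value."""
    raw = attrs.get("samesite")
    if raw is None:
        return "missing"
    return raw.lower() if raw.lower() in VALID_SAMESITE else "invalid"


def audit(headers):
    """Return (cookie name, SameSite state, flagged) for each header value."""
    results = []
    for header_value in headers:
        name, attrs = parse_set_cookie(header_value)
        state = samesite_state(attrs)
        flagged = state in ("none", "invalid", "missing") and "secure" not in attrs
        results.append((name, state, flagged))
    return results


if __name__ == "__main__":
    for name, state, flagged in audit(SAMPLE_HEADERS):
        print(f"{name:15} SameSite={state:8} {'FLAG: no Secure' if flagged else 'ok'}")
```

Feeding it the `Set-Cookie` values copied from the login response in the browser's network panel shows which cookies still need `Secure` or an explicit `SameSite` value.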
