Add same site accessor to servlet api #284

@fabianfrz

Is your feature request related to a problem? Please describe.

Currently browsers block cookies cross-domain if the flags samesite=none and secure are not set. For that reason, we lose the authentication state.

Describe the solution you'd like

Class: jakarta.servlet.http.Cookie
Add accessors String getSameSite() and void setSameSite(String) to allow setting the flag

web.xml

    <cookie-config>
        <http-only>true</http-only>
        <secure>true</secure>
        <same-site>none</same-site>
    </cookie-config>

Describe alternatives you've considered

  • Use a servlet filter to use Set-Cookie headers to bypass the servlet api limitations
  • Intercept responses on a proxy and rewrite the Set-Cookie headers

-> this is non-standard and should not be done in my opinion
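
The header rewrite that either workaround listed above would have to perform, as an added example that is not part of the original issue or of the servlet API. The class `SameSiteHeaderRewriter`, its `rewrite` method and the sample header values are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/** Added example: normalizes one Set-Cookie header value (hypothetical helper). */
public final class SameSiteHeaderRewriter {

    // Only these values are accepted, so caller input cannot inject
    // extra attributes or line breaks into the header.
    private static final Set<String> MODES = Set.of("Strict", "Lax", "None");

    /**
     * Returns the header value with SameSite set to the requested mode.
     * An existing SameSite attribute is replaced, and Secure is appended
     * for "None" because browsers reject SameSite=None without Secure.
     */
    public static String rewrite(String setCookieValue, String sameSite) {
        if (!MODES.contains(sameSite)) {
            throw new IllegalArgumentException("unsupported SameSite mode");
        }
        List<String> kept = new ArrayList<>();
        boolean secure = false;
        String[] parts = setCookieValue.split(";");
        for (int i = 0; i < parts.length; i++) {
            String part = parts[i].trim();
            if (i == 0) { kept.add(part); continue; }  // name=value pair, untouched
            if (part.isEmpty()) continue;
            String lower = part.toLowerCase(Locale.ROOT);
            if (lower.equals("samesite") || lower.startsWith("samesite=")) continue;
            if (lower.equals("secure")) secure = true;
            kept.add(part);
        }
        kept.add("SameSite=" + sameSite);
        if (sameSite.equals("None") && !secure) kept.add("Secure");
        return String.join("; ", kept);
    }

    public static void main(String[] args) {
        // Constructed sample header values, not taken from a real application.
        String[] samples = {
            "JSESSIONID=abc123; Path=/app; HttpOnly",
            "JSESSIONID=abc123; Path=/app; Secure; HttpOnly; SameSite=Lax",
        };
        for (String s : samples) {
            System.out.println(rewrite(s, "None"));
        }
    }
}
```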
