[Web] make SameSite policy and cookie name configurable via vars.local.inc

data/web/inc/sessions.inc.php

@@ -1,9 +1,9 @@
 <?php
 // Start session
 if (session_status() !== PHP_SESSION_ACTIVE) {
-  session_name('MCSESSID');
+  session_name($SESSION_NAME);
   ini_set("session.cookie_httponly", 1);
-  ini_set("session.cookie_samesite", "Lax");
+  ini_set("session.cookie_samesite", $SESSION_SAMESITE_POLICY);
   ini_set('session.gc_maxlifetime', $SESSION_LIFETIME);
 }
 

data/web/inc/vars.inc.php

@@ -153,6 +153,13 @@ $LOG_PAGINATION_SIZE = 50;
 // Session lifetime in seconds
 $SESSION_LIFETIME = 10800;
 
+// Session SameSite Policy
+// Use "None", "Lax" or "Strict"
+$SESSION_SAMESITE_POLICY = "Lax";
+
+// Name of the session cookie
+$SESSION_NAME = "MCSESSID";
+
 // Label for OTP devices
 $OTP_LABEL = "mailcow UI";