Update API for SameSitemode

xml/System.Web/SameSiteMode.xml

@@ -14,7 +14,20 @@
   </Base>
   <Docs>
     <summary>Specifies constants that indicate the value for the SameSite attribute of the cookie.</summary>
-    <remarks>To be added.</remarks>
+    <remarks>
+          <format type="text/markdown"><![CDATA[  
+
+## Remarks
+
+The behavior of <see cref="F:System.Web.SameSiteMode.None" /> was modified by updates described in [KB article 4531182](https://support.microsoft.com/help/4531182/kb4531182) and [KB article 4524421](https://support.microsoft.com/help/4524421/kb4524421).
+
+Without these updates, the <see cref="F:System.Web.SameSiteMode.None" /> value does not emit the `SameSite` cookie header. This conforms to [https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1](https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1).
+
+After these updates have been applied, the <see cref="F:System.Web.SameSiteMode.None" /> value emits the `SameSite=None` cookie header. This new behavior conforms to [update](https://tools.ietf.org/html/draft-west-cookie-incrementalism-00). As part of this change, FormsAuth and SessionState cookies will be issued with SameSite = 'Lax' instead of the previous default of 'None', though these values can be overridden in web.config. 
+
+On systems where these updates have been applied, you can specify the previous behavior by setting the `SameSiteMode` to `(SameSiteMode)(-1)`.
+]]></format>
+    </remarks>
   </Docs>
   <Members>
     <Member MemberName="Lax">
@@ -54,7 +67,7 @@
       </ReturnValue>
       <MemberValue>0</MemberValue>
       <Docs>
-        <summary>No mode is specified.</summary>
+        <summary>Emits "SameSite=None" (see remarks).</summary>
       </Docs>
     </Member>
     <Member MemberName="Strict">