Actually, the session ID stuff wasn't quite accurate

oreoshake · web-flow · commit c73952a31854 · 2020-01-10T06:20:42.000-10:00
The reason for `none` and `duplicate` is so you can find the differences. Setting it to lax would break 3rd party interactions.
diff --git a/docs/cookies.md b/docs/cookies.md
@@ -57,9 +57,9 @@ config.cookies = {
 ```ruby
 config.cookies = {
   samesite: {
-    strict: { only: ['_rails_session_duplicate'] },
+    strict: { only: ['session_id_duplicate'] },
     lax: { only: ['_guest', '_rails_session', 'device_id'] },
-    none: { only: ['_tracking', 'saml_cookie'] },
+    none: { only: ['_tracking', 'saml_cookie', 'session_id'] },
   }
 }
 ```

Original file line number	Diff line number	Diff line change
`@@ -57,9 +57,9 @@ config.cookies = {`
`57`	`57`	```ruby
`58`	`58`	`config.cookies = {`
`59`	`59`	`samesite: {`
`60`		`- strict: { only: ['_rails_session_duplicate'] },`
	`60`	`+ strict: { only: ['session_id_duplicate'] },`
`61`	`61`	`lax: { only: ['_guest', '_rails_session', 'device_id'] },`
`62`		`- none: { only: ['_tracking', 'saml_cookie'] },`
	`62`	`+ none: { only: ['_tracking', 'saml_cookie', 'session_id'] },`
`63`	`63`	`}`
`64`	`64`	`}`
`65`	`65`	```