Set SameSite default to Lax

Issue: SPR-16418

Author: vpavic

spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java

@@ -125,7 +125,7 @@ private ResponseCookie initSessionCookie(
 				.maxAge(maxAge)
 				.httpOnly(true)
 				.secure("https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme()))
-				.sameSite("Strict");
+				.sameSite("Lax");
 
 		if (this.cookieInitializer != null) {
 			this.cookieInitializer.accept(cookieBuilder);

spring-web/src/test/java/org/springframework/web/server/session/CookieWebSessionIdResolverTests.java

@@ -44,13 +44,13 @@ public void setSessionId() {
 		assertEquals(1, cookies.size());
 		ResponseCookie cookie = cookies.getFirst(this.resolver.getCookieName());
 		assertNotNull(cookie);
-		assertEquals("SESSION=123; Path=/; Secure; HttpOnly; SameSite=Strict", cookie.toString());
+		assertEquals("SESSION=123; Path=/; Secure; HttpOnly; SameSite=Lax", cookie.toString());
 	}
 
 	@Test
 	public void cookieInitializer() {
 		this.resolver.addCookieInitializer(builder -> builder.domain("example.org"));
-		this.resolver.addCookieInitializer(builder -> builder.sameSite("Lax"));
+		this.resolver.addCookieInitializer(builder -> builder.sameSite("Strict"));
 		this.resolver.addCookieInitializer(builder -> builder.secure(false));
 
 		MockServerHttpRequest request = MockServerHttpRequest.get("https://example.org/path").build();
@@ -61,7 +61,7 @@ public void cookieInitializer() {
 		assertEquals(1, cookies.size());
 		ResponseCookie cookie = cookies.getFirst(this.resolver.getCookieName());
 		assertNotNull(cookie);
-		assertEquals("SESSION=123; Path=/; Domain=example.org; HttpOnly; SameSite=Lax", cookie.toString());
+		assertEquals("SESSION=123; Path=/; Domain=example.org; HttpOnly; SameSite=Strict", cookie.toString());
 	}
 
 }