use strict; use CGI ':standard';
use CGI::Carp 'fatalsToBrowser';
use CGI::Session;
use Data::Dumper;

my $CS=new CGI::Session(); $CS->expire('+1d');

$CS->{_QUERY}->{'.cookies'}->{CGISESSID}->{samesite}='Lax';
$CS->{_QUERY}->{'.cookies'}->{CGISESSID}->{secure}=1;

print $CS->header();
print start_html('Test');
print Dumper($CS->{_QUERY}->{'.cookies'}->{CGISESSID});
print end_html;

##</code><code>##

my $cookie=CGI::Cookie->new(
  -name=>$CS->name,
  -value=>$CS->id,
  -samesite=>'Lax', # (Lax, Strict, None) tested unsuccessfully
  -secure=>1,
  -httponly=>1
);

print header(-cookie=>$cookie);