use warnings;
use strict;
use CGI;
use CGI::Carp 'fatalsToBrowser';
use CGI::Session;

package CGI::Session::Mine {
    use parent 'CGI::Session';
    sub cookie {
        my $self = shift;
        my $cookie = $self->SUPER::cookie(@_);
        $cookie->secure(1);
        $cookie->samesite('Lax');
        return $cookie;
    }   
}

my $CS = CGI::Session::Mine->new();
$CS->expire('+1d');
print $CS->header();
print '<!DOCTYPE html><html><head><title>Test</title></head>'
    .'<body><h1>Test</h1></body></html>';