Aug 20, 2018 · Sep 4, 2018 · Sep 4, 2018
diff --git a/components/http_foundation/session_configuration.rst b/components/http_foundation/session_configuration.rst
    with an expiry time of ``time()`` + ``cookie_lifetime`` where the time is taken
    from the server.

 Session Cookie SameSite
 ~~~~~~~~~~~~~~~~~~~~~~~

 .. versionadded:: 4.2
    The option to use SameSite cookies for session was introduced in 4.2.

 SameSite cookies are a measure to protect against Cross Site Forgery Request (CSRF) attacks by preventing the cookies to be sent to the server if a request was not originated from the domain the cookies are for.

 There are two modes, ``lax`` and ``strict``. When set to ``strict`` cookies will never be sent along with the request, whereas with ``lax`` the cookies will be sent with HTTP GET requests, but not with HTTP POST requests.

 This option can be set with the ``cookie_samesite`` setting.

 This option will be available for sessions in PHP as of version 7.3, but Symfony has a polyfill for older versions of PHP, so it can also be used in PHP version lower than 7.3 as well.

 Configuring Garbage Collection
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Original file line number	Diff line number	Diff line change
Expand Up		@@ -153,6 +153,20 @@ be securely controlled from the server side.
		with an expiry time of ``time()`` + ``cookie_lifetime`` where the time is taken
		from the server.

		Session Cookie SameSite
		~~~~~~~~~~~~~~~~~~~~~~~

		.. versionadded:: 4.2
		The option to use SameSite cookies for session was introduced in 4.2.
Copy link Member fabpotSep 4, 2018 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. for sessions?

		SameSite cookies are a measure to protect against Cross Site Forgery Request (CSRF) attacks by preventing the cookies to be sent to the server if a request was not originated from the domain the cookies are for.
Copy link Member fabpotSep 4, 2018 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. Text should be at around 80 chars

		There are two modes, ``lax`` and ``strict``. When set to ``strict`` cookies will never be sent along with the request, whereas with ``lax`` the cookies will be sent with HTTP GET requests, but not with HTTP POST requests.

		This option can be set with the ``cookie_samesite`` setting.

		This option will be available for sessions in PHP as of version 7.3, but Symfony has a polyfill for older versions of PHP, so it can also be used in PHP version lower than 7.3 as well.

		Configuring Garbage Collection
		~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Expand Down