I wanna implement a cookie that stores user’s session token.

I looked at how github stores users session tokens. And it uses lax to authenticate users. So I thought to myself, when do websites actually need the strict value to be set for a cookie?

I wanna make sure I’m using the correct, secure value for my cookies.