fix(middleware.session): 修复 secure 字段未设置的问题，增加了 http 不响应 sameSite 的逻辑

src/Middleware/SessionMiddleware.php

@@ -81,16 +81,28 @@ class SessionMiddleware implements MiddlewareInterface
         ResponseInterface $response,
         SessionInterface $session
     ): ResponseInterface {
+        $protocol = $request->hasHeader('x-forwarded-proto')
+            ? $request->getHeaderLine('x-forwarded-proto')
+            : $request->getUri()->getScheme();
+        $secure = $this->config->get('session.options.secure') ?? $protocol === 'https';
+
+        $samesite = $this->config->get('session.options.samesite');
+        if (!$secure && $samesite === Cookie::SAMESITE_NONE) {
+            $samesite = null;
+        } else {
+            $samesite ??= Cookie::SAMESITE_LAX;
+        }
         $cookie = new Cookie(
             name: $session->getName(),
             value: $session->getId(),
             expire: $this->getCookieExpirationDate(),
             path: $this->config->get('session.options.path', '/'),
             domain: $this->config->get('session.options.domain', $request->getUri()->getHost()),
-            secure: strtolower($request->getUri()->getScheme()) === 'https',
+            secure: $secure,
             httpOnly: true,
-            sameSite: $this->config->get('session.options.samesite', Cookie::SAMESITE_LAX)
+            sameSite: $samesite
         );
+
         if (!method_exists($response, 'withCookie')) {
             return $response->withHeader('Set-Cookie', (string)$cookie);
         }