spring-projects / spring-boot

Spring Boot helps you to create Spring-powered, production-grade applications and services with absolute minimum fuss.
https://spring.io/projects/spring-boot
Apache License 2.0

Add support for partitioned cookies #42307

Closed miskr-instructure closed 1 month ago

miskr-instructure commented 1 month ago

Since the fix of https://github.com/spring-projects/spring-session/issues/2787, the DefaultCookieSerializer of Spring Session now supports the partitioned attribute. However, that attribute cannot be set via configuration, only by providing a custom CookieSerializer bean.

This application.yml does not work as one would intuitively expect:

server:
  servlet:
    session:
      cookie:
        same-site: 'none'
        partitioned: 'true'  # <-- no effect
        secure: 'true'       # <-- also no effect?

... it seems it's only possible to set the new value by providing a custom @Bean:

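import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;

@Configuration
class CustomCookieSerializerConfig {
  // Replaces the default session cookie serializer so the attributes can be set in code.
  @Bean
  CookieSerializer cookieSerializer() {
    var cookieSerializer = new DefaultCookieSerializer();
    cookieSerializer.setSameSite("None");       // SameSite=None
    cookieSerializer.setPartitioned(true);      // Partitioned
    cookieSerializer.setUseSecureCookie(true);  // Secure
    return cookieSerializer;
  }
}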

The likely cause is a missing implementation in org.springframework.session.config.annotation.web.http.SpringHttpSessionConfiguration.createDefaultCookieSerializer().

Regarding affected versions:

philwebb commented 1 month ago

We don't currently have support for partitioned, but I'm surprised to see secure not working. Are you sure that's the case @miskr-instructure?

philwebb commented 1 month ago

Closing in favor of PR #42316. Thanks @nosan!
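
Because the issue describes cookie settings that silently have no effect, it is worth checking the Set-Cookie header the application actually emits rather than the configuration file. The following is an added example, not code from this issue or from Spring: the class name SessionCookieAudit and the sample headers are constructed for illustration, and it uses only the JDK.

```java
import java.util.*;

// Added example: audits a Set-Cookie header value for the attribute
// combination discussed in this issue (SameSite=None + Secure + Partitioned).
public class SessionCookieAudit {

    /** Parses the attributes after the name=value pair into a map with lower-cased keys. */
    static Map<String, String> attributes(String setCookie) {
        Map<String, String> attrs = new LinkedHashMap<>();
        String[] parts = setCookie.split(";");
        for (int i = 1; i < parts.length; i++) { // parts[0] is name=value
            String part = parts[i].trim();
            if (part.isEmpty()) continue;
            int eq = part.indexOf('=');
            String key = (eq < 0 ? part : part.substring(0, eq)).trim().toLowerCase(Locale.ROOT);
            attrs.put(key, eq < 0 ? "" : part.substring(eq + 1).trim());
        }
        return attrs;
    }

    /** Returns findings; an empty list means the header carries all three attributes. */
    static List<String> audit(String setCookie) {
        Map<String, String> a = attributes(setCookie);
        List<String> findings = new ArrayList<>();
        boolean secure = a.containsKey("secure");
        boolean sameSiteNone = "none".equalsIgnoreCase(a.get("samesite"));
        if (!a.containsKey("partitioned")) findings.add("Partitioned missing: the setting had no effect");
        else if (!secure) findings.add("Partitioned without Secure: CHIPS requires Secure");
        if (sameSiteNone && !secure) findings.add("SameSite=None without Secure: SameSite=None requires Secure");
        if (!sameSiteNone) findings.add("SameSite is not None: cookie is withheld from cross-site iframe requests");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured from a real application.
        String[] samples = {
            "SESSION=abc123; Path=/; HttpOnly; SameSite=None",
            "SESSION=abc123; Path=/; Secure; HttpOnly; SameSite=None; Partitioned"
        };
        for (String header : samples) {
            System.out.println(header + " -> " + audit(header));
        }
    }
}
```

The first sample yields two findings (Partitioned missing, SameSite=None without Secure); the second yields none.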