Update SameSite cookie notes (#322)

Add notes for blocking cookies when SESSION_COOKIE_SECURE is not set

Author: omidraha

docs/source/contents/setup.rst

@@ -63,7 +63,7 @@ You can even configure the SAML cookie name as follows::
   SAML_SESSION_COOKIE_NAME = 'saml_session'
 
 Remember that in your browser "SameSite=None" attribute MUST also
-have the "Secure" attribute, which is required in order to use "SameSite=None"::
+have the "Secure" attribute, which is required in order to use "SameSite=None", otherwise the cookie will be blocked, so you must also set::
 
   SESSION_COOKIE_SECURE = True