The settings for $CookieSameSite and $CookieSecure don't need to be uncommented. Those values are the default values for those variables anyway. If you want a session cookie, then you do need to uncomment that, since that is not the default.
The problem may be with Authen::CAS usage. There have been quite a few changes to WeBWorK's authentication in the last few releases, and unfortunately that module has not really been updated for all of those changes. None of the active developers use that module, and I don't think any of us have a way to test it either. That means that all we can do is guess at what it needs. We need someone that has a setting to test it to figure out what is needed to fix it.