Hacker News
by drekembe 943 days ago
Wouldn't SameSite=Lax work just as well to prevent CSRF? It prevents things like malicious forms and image links from other sites.

Yes, Lax is the option when you want to prevent CSRF and nothing else.

I actually don't know any use case for Strict, but it makes sense, so it's probably useful.

And None is for when you want to explicitly allow CSRF (which is useful sometimes).

And either way, it's best to always set that flag on sensitive cookies (not only authentication, but anything that leaks user information too), even if it's the documented default, because browsers make quite a mess of their defaults.
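As an added illustration of the Lax/Strict/None distinction discussed above (example code written for this page, not from the thread or any browser), here is a small Node.js model of the browser's send-or-withhold decision per SameSite value, with a branch that models Chrome's default for cookies that set no attribute at all; the cookie and request object shapes are this example's own assumptions.

```javascript
// Added example, not from the thread: a toy model of the browser-side decision
// "does this cookie ride along on this request?" for each SameSite value.
// The no-attribute branch models Chrome's default ("Lax-allowing-unsafe"): treated
// as Lax, but top-level POSTs still carry the cookie for the cookie's first
// 2 minutes. The request/cookie object shapes are this example's own assumption.

const TWO_MINUTES_MS = 2 * 60 * 1000;
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Parse a Set-Cookie header into { name, value, sameSite, secure, createdAt }.
// Returns null when a modern browser would reject the cookie outright (SameSite=None without Secure).
function parseSetCookie(header, now) {
  const [nameValue, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = nameValue.indexOf("=");
  const cookie = {
    name: nameValue.slice(0, eq),
    value: nameValue.slice(eq + 1),
    sameSite: undefined, // undefined = attribute absent, browser picks the default
    secure: false,
    createdAt: now,
  };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    const key = k.toLowerCase();
    if (key === "secure") cookie.secure = true;
    if (key === "samesite" && ["strict", "lax", "none"].includes(v.toLowerCase())) {
      cookie.sameSite = v[0].toUpperCase() + v.slice(1).toLowerCase();
    }
  }
  if (cookie.sameSite === "None" && !cookie.secure) return null;
  return cookie;
}

// req: { crossSite: bool, topLevel: bool (navigation, not <img>/fetch/iframe), method, now: ms }
function cookieAttached(cookie, req) {
  if (!req.crossSite) return true; // same-site requests are never restricted
  switch (cookie.sameSite) {
    case "None":
      return true; // cross-site sending explicitly allowed (CSRF defence opted out)
    case "Strict":
      return false; // never on a cross-site request, not even a plain link click
    case "Lax":
      return req.topLevel && SAFE_METHODS.has(req.method); // link clicks yes, forms/<img> no
    default: // attribute absent: Chrome-style default
      if (req.topLevel && SAFE_METHODS.has(req.method)) return true;
      return req.topLevel && req.method === "POST" &&
        req.now - cookie.createdAt < TWO_MINUTES_MS;
  }
}
```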