From f02c82c042fea56c60df88eba3a2516b5d51a7f5 Mon Sep 17 00:00:00 2001
From: Sascha Szott <szott@gmx.de>
Date: Thu, 10 Dec 2020 20:22:15 +0100
Subject: [PATCH 1/2] OPUSVIER-4493: add session.cookie_secure option (disabled
 by default)

---
 apacheconf/apache22.conf.template | 1 +
 apacheconf/apache24.conf.template | 1 +
 2 files changed, 2 insertions(+)

diff --git a/apacheconf/apache22.conf.template b/apacheconf/apache22.conf.template
index a29a4c761..1097c3915 100644
--- a/apacheconf/apache22.conf.template
+++ b/apacheconf/apache22.conf.template
@@ -52,6 +52,7 @@ Alias /OPUS_URL_BASE "/BASEDIR/public"
     # Setting cookie options
     php_value session.cookie_path     /OPUS_URL_BASE
     php_value session.cookie_httponly on
+    php_value session.cookie_secure   off
 
     # On Debian/Ubuntu, prevent PHP from deleting the cookies
     #Enable for UBUNTU/DEBIAN:# php_value session.gc_probability 0
diff --git a/apacheconf/apache24.conf.template b/apacheconf/apache24.conf.template
index 2800a9d15..45fc9ccaa 100644
--- a/apacheconf/apache24.conf.template
+++ b/apacheconf/apache24.conf.template
@@ -50,6 +50,7 @@ Alias /OPUS_URL_BASE "/BASEDIR/public"
     # Setting cookie options
     php_value session.cookie_path     /OPUS_URL_BASE
     php_value session.cookie_httponly on
+    php_value session.cookie_secure   off
 
     # On Debian/Ubuntu, prevent PHP from deleting the cookies
     #Enable for UBUNTU/DEBIAN:# php_value session.gc_probability 0

From f06d3c16a7af0431a6ce0c58c9f911f0d985dca6 Mon Sep 17 00:00:00 2001
From: Sascha Szott <szott@gmx.de>
Date: Thu, 10 Dec 2020 20:23:29 +0100
Subject: [PATCH 2/2] OPUSVIER-4493: allow to enable cookie flag secure in
 installation procedure

---
 bin/install-apache.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/bin/install-apache.sh b/bin/install-apache.sh
index c4594625c..824e3a306 100755
--- a/bin/install-apache.sh
+++ b/bin/install-apache.sh
@@ -90,6 +90,12 @@ then
   sed -i -e 's!#Enable for UBUNTU/DEBIAN:# !!' "$OUTPUT_FILE"
 fi
 
+read -p 'Enable cookie flag "secure" (only applicable if OPUS installation uses HTTPS) [N]: ' ENABLE_SECURE_FLAG
+if [ "$ENABLE_SECURE_FLAG" = Y ] || [ "$ENABLE_SECURE_FLAG" = y ] ;
+then
+  sed -i -e 's!php_value session.cookie_secure   off!php_value session.cookie_secure   on!' "$OUTPUT_FILE"
+fi
+
 [ -z "$APACHE_ADD_SITE" ] && read -p "Add site to Apache2 [Y]: " APACHE_ADD_SITE
 
 if [ -z "$APACHE_ADD_SITE" ] || [ "$APACHE_ADD_SITE" = Y ] || [ "$APACHE_ADD_SITE" = y ] ;