From 0d87a7a5a6269b1247176d3e2e43196a9d0d1d3a Mon Sep 17 00:00:00 2001
From: Sascha Szott <szott@gmx.de>
Date: Wed, 9 Dec 2020 19:54:13 +0100
Subject: [PATCH 1/2] enabled session.cookie_httponly

---
 apacheconf/apache22.conf.template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apacheconf/apache22.conf.template b/apacheconf/apache22.conf.template
index a4100da227..a29a4c761b 100644
--- a/apacheconf/apache22.conf.template
+++ b/apacheconf/apache22.conf.template
@@ -50,7 +50,8 @@ Alias /OPUS_URL_BASE "/BASEDIR/public"
     php_flag short_open_tag on
 
     # Setting cookie options
-    php_value session.cookie_path    /OPUS_URL_BASE
+    php_value session.cookie_path     /OPUS_URL_BASE
+    php_value session.cookie_httponly on
 
     # On Debian/Ubuntu, prevent PHP from deleting the cookies
     #Enable for UBUNTU/DEBIAN:# php_value session.gc_probability 0

From 06a03aca0522a72f53ca920022f14b23a9a2c873 Mon Sep 17 00:00:00 2001
From: Sascha Szott <szott@gmx.de>
Date: Wed, 9 Dec 2020 19:54:46 +0100
Subject: [PATCH 2/2] enabled session.cookie_httponly

---
 apacheconf/apache24.conf.template | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/apacheconf/apache24.conf.template b/apacheconf/apache24.conf.template
index cbd39e44a2..2800a9d157 100644
--- a/apacheconf/apache24.conf.template
+++ b/apacheconf/apache24.conf.template
@@ -48,7 +48,8 @@ Alias /OPUS_URL_BASE "/BASEDIR/public"
     php_flag short_open_tag on
 
     # Setting cookie options
-    php_value session.cookie_path    /OPUS_URL_BASE
+    php_value session.cookie_path     /OPUS_URL_BASE
+    php_value session.cookie_httponly on
 
     # On Debian/Ubuntu, prevent PHP from deleting the cookies
     #Enable for UBUNTU/DEBIAN:# php_value session.gc_probability 0