From 95bb215985daf27b3bd01f1d505ecf488bfd0ec1 Mon Sep 17 00:00:00 2001
From: Mike Olund
Date: Tue, 28 Mar 2017 23:05:38 -0700
Subject: [PATCH] Make cookies secure via nginx
---
 edivorce/settings/openshift.py | 2 ++
 openshift/nginx-proxy/conf.d/server.conf | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/edivorce/settings/openshift.py b/edivorce/settings/openshift.py
index 05ee942f..0bea348e 100644
--- a/edivorce/settings/openshift.py
+++ b/edivorce/settings/openshift.py
@@ -80,3 +80,5 @@ BASICAUTH_PASSWORD = os.getenv('BASICAUTH_PASSWORD', '')
 # Only send session cookies over SSL
 SESSION_COOKIE_SECURE=True
+SESSION_COOKIE_PATH = PROXY_URL_PREFIX
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
diff --git a/openshift/nginx-proxy/conf.d/server.conf b/openshift/nginx-proxy/conf.d/server.conf
index 9581352d..b32f46b5 100644
--- a/openshift/nginx-proxy/conf.d/server.conf
+++ b/openshift/nginx-proxy/conf.d/server.conf
@@ -14,6 +14,7 @@ server {
 location / {
 proxy_pass http://edivorce-django:8080;
 proxy_pass_request_headers on;
+ proxy_cookie_domain ~(?P(justice.gov.bc.ca))$ "$domain; Secure";
 # remove directories from incoming requests;
 rewrite ^/divorce-dev$ / last;
@@ -39,6 +40,7 @@ server {
 proxy_pass http://edivorce-django:8080;
 proxy_pass_request_headers on;
+ proxy_cookie_domain ~(?P(justice.gov.bc.ca))$ "$domain; Secure";
 }
 # For status of ngnix service
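Review bot: The settings hunk hardens only the session cookie: no `CSRF_COOKIE_SECURE = True` appears next to `SESSION_COOKIE_SECURE=True`, so unless it is set elsewhere in the settings the CSRF cookie can still be sent over plain HTTP. `SESSION_COOKIE_PATH = PROXY_URL_PREFIX` also relies on a value defined outside the hunk; if that prefix can be an empty string, the cookie would likely be emitted without a Path attribute and the browser would scope it to the directory of the request URL, which can break the session across pages. I would add a comment above the assignment such as `# PROXY_URL_PREFIX must be a non-empty path starting with "/"; Path scoping is not an isolation boundary between apps on the same host`.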
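Review bot: `proxy_cookie_domain` only rewrites a Domain attribute that the upstream actually sends, so in both `location` blocks (the hunk at -14/+14 and the one at -39/+40) a Set-Cookie without `Domain=` passes through with no `Secure` added; Django omits Domain unless a cookie-domain setting is configured, and none is visible in this commit. The pattern is also loose: the dots are unescaped, only the end is anchored, and the named group seems to have lost its name in this rendering (the replacement refers to `$domain`). Because a regex match appears to replace the whole attribute value, a cookie set for a subdomain would be widened to the parent domain; `~^(?P<domain>(.+\.)?justice\.gov\.bc\.ca)$` keeps the value as sent. On nginx 1.19.3 or later, `proxy_cookie_flags ~ secure;` expresses the intent directly and covers cookies that carry no Domain attribute.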