fix secure cookie (#4566)

Author: aynsix

lib/Alchemy/Phrasea/Controller/Root/RootController.php

@@ -37,7 +37,21 @@ public function getRoot()
     public function setLocale($locale)
     {
         $response = $this->app->redirectPath('root');
-        $response->headers->setCookie(new Cookie('locale', $locale, 0, '/', null, true, false));
+
+        $cookiePath = ini_get('session.cookie_path');
+        $cookieDomain = ini_get('session.cookie_domain');
+        $cookieHttpOnly = ini_get('session.cookie_httponly');
+        $cookieSecure = ini_get('session.cookie_secure');
+
+        $response->headers->setCookie(new Cookie(
+            'locale',
+            $locale,
+            0,
+            $cookiePath,
+            empty($cookieDomain)? null : $cookieDomain,
+            $cookieSecure ? true: false,
+            $cookieHttpOnly ? true : false
+        ));
 
         $authenticatedUser = $this->getAuthenticatedUser();
 

lib/Alchemy/Phrasea/Core/Event/Subscriber/PhraseaLocaleSubscriber.php

@@ -81,7 +81,20 @@ public function addLocaleCookie(FilterResponseEvent $event)
         $cookies = $event->getRequest()->cookies;
 
         if (isset($this->locale) && (false === $cookies->has('locale') || $cookies->get('locale') !== $this->locale)) {
-            $event->getResponse()->headers->setCookie(new Cookie('locale', $this->locale, 0,  '/',  null, true, false));
+            $cookiePath = ini_get('session.cookie_path');
+            $cookieDomain = ini_get('session.cookie_domain');
+            $cookieHttpOnly = ini_get('session.cookie_httponly');
+            $cookieSecure = ini_get('session.cookie_secure');
+
+            $event->getResponse()->headers->setCookie(new Cookie(
+                'locale',
+                $this->locale,
+                0,
+                $cookiePath,
+                empty($cookieDomain)? null : $cookieDomain,
+                $cookieSecure ? true: false,
+                $cookieHttpOnly ? true : false
+            ));
         }
     }
 }