From ab446701a9f702a34ed55bc33a80f10b3d1ee617 Mon Sep 17 00:00:00 2001
From: Touhidur Rahman <abir.ruet@gmail.com>
Date: Thu, 2 May 2024 17:58:07 +0600
Subject: [PATCH] pkp/pkp-lib#9895 new config setting added

---
 config.TEMPLATE.inc.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/config.TEMPLATE.inc.php b/config.TEMPLATE.inc.php
index 16564b10744..f002ca0cd19 100644
--- a/config.TEMPLATE.inc.php
+++ b/config.TEMPLATE.inc.php
@@ -24,6 +24,12 @@
 
 [general]
 
+[general]
+
+; An application specific key that is required for the app to run
+; Internally this is used for any encryption (specifically cookie encryption if enabled)
+app_key = 
+
 ; Set this to On once the system has been installed
 ; (This is generally done automatically by the installer)
 installed = Off
@@ -255,6 +261,14 @@
 
 [security]
 
+; Specific cipher algorithm used to generate app key and encryption purpose
+; Valid and available algorithms are `aes-128-cbc`, `aes-256-cbc`, `aes-128-gcm` and `aes-256-gcm`
+; cipher = 'aes-256-cbc'
+
+; Define should the cookie at user's end need to be encrypted
+; Enabling/Disbaling will force all user to re-login
+; cookie_encryption = On
+
 ; Force SSL connections site-wide and also sets the "Secure" flag for session cookies
 ; See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#secure
 force_ssl = Off