Index: branches/5.3.x/core/units/configuration/configuration_event_handler.php
===================================================================
diff -u -N -r16519 -r16731
--- branches/5.3.x/core/units/configuration/configuration_event_handler.php	(.../configuration_event_handler.php)	(revision 16519)
+++ branches/5.3.x/core/units/configuration/configuration_event_handler.php	(.../configuration_event_handler.php)	(revision 16731)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: configuration_event_handler.php 16519 2017-01-20 20:21:46Z alex $
+* @version	$Id: configuration_event_handler.php 16731 2022-09-13 13:08:44Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -178,7 +178,24 @@
 				$email_event_data = $this->Application->GetVar('email-template_' . $event->Prefix);
 				$object->SetDBField('VariableValue', $email_event_data[0]['Recipients']);
 			}
+			elseif ( $variable_name === 'PlainTextCookies' || $variable_name === 'EncryptedCookies' ) {
+				$cookie_set1 = $new_value;
+				$cookie_set1 = $cookie_set1 ? explode(',', $cookie_set1) : array();
 
+				$cookie_set2 = $this->Application->ConfigValue(
+					$variable_name === 'PlainTextCookies' ? 'EncryptedCookies' : 'PlainTextCookies'
+				);
+				$cookie_set2 = $cookie_set2 ? explode(',', $cookie_set2) : array();
+
+				if ( array_intersect($cookie_set1, $cookie_set2) ) {
+					$object->SetError(
+						'VariableValue',
+						'cookie_encryption_state',
+						'la_error_CookieEncryptionState'
+					);
+				}
+			}
+
 			/** @var kSectionsHelper $sections_helper */
 			$sections_helper = $this->Application->recallObject('SectionsHelper');
 
@@ -272,6 +289,21 @@
 			if ( $object->GetDBField('ElementType') == 'password' && trim($object->GetDBField('VariableValue')) == '' ) {
 				$object->SetFieldOption('VariableValue', 'skip_empty', 1);
 			}
+
+			if ( $object->GetDBField('VariableName') === 'EncryptedCookies' ) {
+				$new_value = $object->GetDBField('VariableValue');
+				$old_value = $object->GetOriginalField('VariableValue');
+
+				if ( $new_value != $old_value ) {
+					/** @var CookieManager $cookie_manager */
+					$cookie_manager = $this->Application->recallObject('CookieManager');
+					$required_encrypted_cookies = $cookie_manager->getRequiredEncryptedCookies();
+
+					$new_value_parsed = $new_value ? explode(',', $new_value) : array();
+					$new_value_parsed = array_unique(array_merge($new_value_parsed, $required_encrypted_cookies));
+					$object->SetDBField('VariableValue', implode(',', $new_value_parsed));
+				}
+			}
 		}
 
 		/**
@@ -328,6 +360,28 @@
 					$skin_deleted = true;
 				}
 			}
+			elseif ( $variable_name === 'SessionCookieName' && in_array($variable_name, $changed) ) {
+				$encrypted_cookie_names = $this->Application->ConfigValue('EncryptedCookies');
+
+				if ( !$encrypted_cookie_names ) {
+					return;
+				}
+
+				$old_value = $object->GetOriginalField('VariableValue');
+				$new_value = $object->GetDBField('VariableValue');
+				$encrypted_cookie_names = explode(',', $encrypted_cookie_names);
+
+				// Sample: cookies_on,remember_login,last_module,adm_sid,adm_sid_live,sid,sid_live.
+				foreach ( $encrypted_cookie_names as $index => $encrypted_cookie_name ) {
+					if ( !preg_match('/^(adm_|)' . $old_value . '(_live|)$/', $encrypted_cookie_name, $regs) ) {
+						continue;
+					}
+
+					$encrypted_cookie_names[$index] = $regs[1] . $new_value . $regs[2];
+				}
+
+				$this->Application->SetConfigValue('EncryptedCookies', implode(',', $encrypted_cookie_names));
+			}
 		}
 
 		/**