Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.126.2.20 -r1.126.2.21
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl	4 Nov 2019 17:30:04 -0000	1.126.2.20
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl	13 Nov 2019 17:04:40 -0000	1.126.2.21
@@ -79,7 +79,10 @@
     Returns the maximum lifetime, in seconds, for sessions.
 } {
     # default value is 7 days ( 7 * 24 * 60 * 60 )
-    return [parameter::get -package_id [ad_acs_kernel_id] -parameter SessionLifetime -default 604800]
+    return [parameter::get \
+                -package_id $::acs::kernel_id \
+                -parameter SessionLifetime \
+                -default 604800]
 }
 
 ad_proc -private sec_sweep_sessions {} {
@@ -580,7 +583,9 @@
     Logs the user out.
 } {
     if {$cookie_domain eq ""} {
-        set cookie_domain [parameter::get -parameter CookieDomain -package_id $::acs::kernel_id]
+        set cookie_domain [parameter::get \
+                               -parameter CookieDomain \
+                               -package_id $::acs::kernel_id]
     }
 
     #
@@ -595,10 +600,14 @@
     # "SecureSessionCookie" was altered during a session, but this
     # should be a seldom border case.
     #
-    ad_unset_cookie -domain $cookie_domain -secure [expr {[parameter::get \
+    ad_unset_cookie \
+        -domain $cookie_domain \
+        -secure [expr {[parameter::get \
+                            -boolean \
                             -parameter SecureSessionCookie \
-                            -package_id [ad_acs_kernel_id] \
-                            -default 0] ? "t" : "f"}] ad_session_id
+                            -package_id $::acs::kernel_id \
+                            -default 0] ? "t" : "f"}] \
+        ad_session_id
     ad_unset_cookie -domain $cookie_domain -secure f ad_user_login
     ad_unset_cookie -domain $cookie_domain -secure t ad_secure_token
     ad_unset_cookie -domain $cookie_domain -secure t ad_user_login_secure
@@ -780,7 +789,9 @@
     ns_log Debug "Security: [ns_time] sec_generate_session_id_cookie setting session_id=$session_id, user_id=$user_id, login_level=$login_level"
 
     if {$cookie_domain eq ""} {
-        set cookie_domain [parameter::get -parameter CookieDomain -package_id $::acs::kernel_id]
+        set cookie_domain [parameter::get \
+                               -parameter CookieDomain \
+                               -package_id $::acs::kernel_id]
     }
 
     # Fetch the last value element of ad_user_login cookie (or
@@ -798,8 +809,9 @@
     }
     ad_set_signed_cookie \
         -secure [expr {[parameter::get \
+                            -boolean \
                             -parameter SecureSessionCookie \
-                            -package_id [ad_acs_kernel_id] \
+                            -package_id $::acs::kernel_id \
                             -default 0] ? "t" : "f"}] \
         -discard $discard \
         -replace t \
@@ -1596,7 +1608,10 @@
 
 } {
 
-    set num_tokens [parameter::get -package_id [ad_acs_kernel_id] -parameter NumberOfCachedSecretTokens -default 100]
+    set num_tokens [parameter::get \
+                        -package_id $::acs::kernel_id \
+                        -parameter NumberOfCachedSecretTokens \
+                        -default 100]
 
     # this is called directly from security-init.tcl,
     # so it runs during the install before the data model has been loaded
@@ -1615,7 +1630,10 @@
 
 } {
 
-    set num_tokens [parameter::get -package_id [ad_acs_kernel_id] -parameter NumberOfCachedSecretTokens -default 100]
+    set num_tokens [parameter::get \
+                        -package_id $::acs::kernel_id \
+                        -parameter NumberOfCachedSecretTokens \
+                        -default 100]
     # we assume sample size of 10%.
     set num_tokens [expr {$num_tokens * 10}]
     set counter 0
@@ -1856,7 +1874,7 @@
     return [parameter::get \
                 -boolean \
                 -parameter RestrictLoginToSSLP \
-                -package_id [ad_acs_kernel_id]]
+                -package_id $::acs::kernel_id]
 }
 
 ad_proc -public security::require_secure_conn {} {
@@ -2019,6 +2037,7 @@
         # SuppressHttpPort is set.
         #
         set suppress_http_port [parameter::get -parameter SuppressHttpPort \
+                                    -boolean \
                                     -package_id [apm_package_id_from_key acs-tcl] \
                                     -default 0]
         set secure_location [util::join_location \
@@ -2051,6 +2070,7 @@
         # SuppressHttpPort is set.
         #
         set suppress_http_port [parameter::get -parameter SuppressHttpPort \
+                                    -boolean \
                                     -package_id [apm_package_id_from_key acs-tcl] \
                                     -default 0]
         set insecure_location [util::join_location \
@@ -2324,6 +2344,7 @@
     # proxy's backend port. In this cases, SuppressHttpPort can be used
     #
     set suppress_http_port [parameter::get -parameter SuppressHttpPort \
+                                -boolean \
                                 -package_id [apm_package_id_from_key acs-tcl] \
                                 -default 0]
     if {$suppress_http_port} {