Merge branch '31644-make-cookie-sessions-unique' into 'master'
Update session cookie key name to be unique to instance in development Closes #31644 See merge request !11839
commit
6f14a3ea6b
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
title: Update session cookie key name to be unique to instance in development
|
||||||
|
merge_request:
|
||||||
|
author:
|
|
@ -10,6 +10,12 @@ rescue
|
||||||
Settings.gitlab['session_expire_delay'] ||= 10080
|
Settings.gitlab['session_expire_delay'] ||= 10080
|
||||||
end
|
end
|
||||||
|
|
||||||
|
cookie_key = if Rails.env.development?
|
||||||
|
"_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
|
||||||
|
else
|
||||||
|
"_gitlab_session"
|
||||||
|
end
|
||||||
|
|
||||||
if Rails.env.test?
|
if Rails.env.test?
|
||||||
Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
|
Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
|
||||||
else
|
else
|
||||||
|
@ -19,7 +25,7 @@ else
|
||||||
Gitlab::Application.config.session_store(
|
Gitlab::Application.config.session_store(
|
||||||
:redis_store, # Using the cookie_store would enable session replay attacks.
|
:redis_store, # Using the cookie_store would enable session replay attacks.
|
||||||
servers: redis_config,
|
servers: redis_config,
|
||||||
key: '_gitlab_session',
|
key: cookie_key,
|
||||||
secure: Gitlab.config.gitlab.https,
|
secure: Gitlab.config.gitlab.https,
|
||||||
httponly: true,
|
httponly: true,
|
||||||
expires_in: Settings.gitlab['session_expire_delay'] * 60,
|
expires_in: Settings.gitlab['session_expire_delay'] * 60,
|
||||||
|
|
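Review bot: The added `cookie_key` assignment has no comment explaining why the name varies only in development, and the `Rails.env.test?` branch right after it still passes the literal `"_gitlab_session"`, so the cookie name is now spelled in two places. I would put `# Cookies are scoped by host, not by port, so development instances sharing localhost would otherwise overwrite each other's session cookie.` above the assignment, and add that the path digest only makes the name unique and is not a secret. In the test branch, `key: cookie_key` yields the same string, because the digest is applied only when `Rails.env.development?` is true, and it keeps a single definition. Outside development the name stays `_gitlab_session`, so existing sessions should be unaffected; the `session_store(` call in the second hunk continues past the visible lines.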