Skip to content
Snippets Groups Projects
Commit 6f14a3ea authored by Douwe Maan's avatar Douwe Maan
Browse files

Merge branch '31644-make-cookie-sessions-unique' into 'master' 

Update session cookie key name to be unique to instance in development

Closes #31644

See merge request !11839
parents 0218a0bd 0087f939
No related branches found
No related tags found
3 merge requests!14773Maxraab master patch 51809,!12073Add RC2 changes to 9-3-stable,!11839Update session cookie key name to be unique to instance in development
Pipeline #
Hide whitespace changes
Inline Side-by-side
changelogs/unreleased/31644-make-cookie-sessions-unique.yml 0 → 100644
+ 4
0
View file @ 6f14a3ea
---
title: Update session cookie key name to be unique to instance in development
merge_request:
author:
config/initializers/session_store.rb
+ 7
1
View file @ 6f14a3ea
@@ -10,6 +10,12 @@ rescue
Settings.gitlab['session_expire_delay'] ||= 10080
end
 
cookie_key = if Rails.env.development?
"_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
else
"_gitlab_session"
end
if Rails.env.test?
Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
else
@@ -19,7 +25,7 @@ else
Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks.
servers: redis_config,
key: '_gitlab_session',
key: cookie_key,
secure: Gitlab.config.gitlab.https,
httponly: true,
expires_in: Settings.gitlab['session_expire_delay'] * 60,
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment