Merge branch 'update-marketing-cookie' into 'master'

Updating marketing cookie

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131072



Merged-by: Terri Chu <tchu@gitlab.com>
Approved-by: Jay Montal <jmontal@gitlab.com>
Approved-by: Terri Chu <tchu@gitlab.com>
Reviewed-by: Terri Chu <tchu@gitlab.com>
Reviewed-by: Jay Montal <jmontal@gitlab.com>
Co-authored-by: Miracle Banks <miraclebanks@Miracles-Work-Laptop.local>

app/models/active_session.rb

@@ -102,17 +102,16 @@ def self.set(user, request)
   # set marketing cookie when user has active session
   def self.set_active_user_cookie(auth)
-    auth.cookies[:about_gitlab_active_user] =
+    expiration_time = 2.weeks.from_now
+
+    auth.cookies[:gitlab_user] =
       {
         value: true,
-        domain: Gitlab.config.gitlab.host
+        domain: Gitlab.config.gitlab.host,
+        expires: expiration_time
       }
   end
-  def self.unset_active_user_cookie(auth)
-    auth.cookies.delete :about_gitlab_active_user
-  end
-
   def self.list(user)
     Gitlab::Redis::Sessions.with do |redis|
       cleaned_up_lookup_entries(redis, user).map do |raw_session|

config/initializers/warden.rb

@@ -38,8 +38,6 @@
   Warden::Manager.before_logout(scope: :user) do |user, auth, opts|
     user ||= auth.user
-    # deletes marketing cookie when user session ends
-    ActiveSession.unset_active_user_cookie(auth) if ::Gitlab.com?
     # Rails CSRF protection may attempt to log out a user before that
     # user even logs in
     next unless user

doc/user/profile/index.md

@@ -397,15 +397,15 @@ When you sign in, three cookies are set:
 - A session cookie called `_gitlab_session`.
   This cookie has no set expiration date. However, it expires based on its `session_expire_delay`.
-- A session cookie called `about_gitlab_active_user`.
-  This cookie is used by the [marketing site](https://about.gitlab.com/) to determine if a user has an active GitLab session. No user information is passed to the cookie and it expires with the session.
+- A session cookie called `gitlab_user`.
+  This cookie is used by the [marketing site](https://about.gitlab.com/) to determine if a user has an active GitLab session. No user information is passed to the cookie and it expires two weeks from login.
 - A persistent cookie called `remember_user_token`, which is set only if you selected **Remember me** on the sign-in page.
-When you close your browser, the `_gitlab_session` and `about_gitlab_active_user` cookies are usually cleared client-side.
+When you close your browser, the `_gitlab_session` and `gitlab_user` cookies are usually cleared client-side.
 When it expires or isn't available, GitLab:
 - Uses the `remember_user_token`cookie to get you a new `_gitlab_session` cookie and keep you signed in, even if you close your browser.
-- Sets the `about_gitlab_active_user` to `true`.
+- Sets the `gitlab_user` to `true`.
 When both the `remember_user_token` and `_gitlab_session` cookies are gone or expired, you must sign in again.

spec/models/active_session_spec.rb

@@ -650,25 +650,13 @@ def dump_session(session)
     end
   end
-  describe '.set_active_user_cookie' do
+  describe '.set_active_user_cookie', :freeze_time do
     let(:auth) { double(cookies: {}) }
     it 'sets marketing cookie' do
       described_class.set_active_user_cookie(auth)
-      expect(auth.cookies[:about_gitlab_active_user][:value]).to be_truthy
-    end
-  end
-
-  describe '.unset_active_user_cookie' do
-    let(:auth) { double(cookies: {}) }
-
-    before do
-      described_class.set_active_user_cookie(auth)
-    end
-
-    it 'unsets marketing cookie' do
-      described_class.unset_active_user_cookie(auth)
-      expect(auth.cookies[:about_gitlab_active_user]).to be_nil
+      expect(auth.cookies[:gitlab_user][:value]).to be_truthy
+      expect(auth.cookies[:gitlab_user][:expires]).to be_within(1.minute).of(2.weeks.from_now)
     end
   end
 end

spec/requests/sessions_spec.rb

@@ -5,7 +5,7 @@
 RSpec.describe 'Sessions', feature_category: :system_access do
   include SessionHelpers
-  let_it_be(:user) { create(:user) }
+  let(:user) { create(:user) }
   context 'for authentication', :allow_forgery_protection do
     it 'logout does not require a csrf token' do
@@ -17,20 +17,20 @@
     end
   end
-  describe 'about_gitlab_active_user', :saas do
+  describe 'gitlab_user cookie', :saas do
+    let_it_be(:user) { create(:user) }
+
     context 'when user signs in' do
       it 'sets marketing cookie' do
         post user_session_path(user: { login: user.username, password: user.password })
-
-        expect(response.cookies['about_gitlab_active_user']).to be_present
+        expect(response.cookies['gitlab_user']).to be_present
       end
     end
     context 'when user uses remember_me' do
       it 'sets marketing cookie' do
         post user_session_path(user: { login: user.username, password: user.password, remember_me: true })
-
-        expect(response.cookies['about_gitlab_active_user']).to be_present
+        expect(response.cookies['gitlab_user']).to be_present
       end
     end
@@ -74,18 +74,6 @@ def authenticate_2fa(otp_attempt:)
       end
     end
-    context 'when user signs out' do
-      before do
-        post user_session_path(user: { login: user.username, password: user.password })
-      end
-
-      it 'deletes marketing cookie' do
-        post(destroy_user_session_path)
-
-        expect(response.cookies['about_gitlab_active_user']).to be_nil
-      end
-    end
-
     context 'when user is not using GitLab SaaS' do
       before do
         allow(::Gitlab).to receive(:com?).and_return(false)
@@ -93,8 +81,7 @@ def authenticate_2fa(otp_attempt:)
       it 'does not set marketing cookie' do
         post user_session_path(user: { login: user.username, password: user.password })
-
-        expect(response.cookies['about_gitlab_active_user']).to be_nil
+        expect(response.cookies['gitlab_user']).to be_nil
       end
     end
   end