BigW Consortium Gitlab

Commit 6f14a3ea by Douwe Maan

Merge branch '31644-make-cookie-sessions-unique' into 'master'

Update session cookie key name to be unique to instance in development Closes #31644 See merge request !11839
parents 0218a0bd 0087f939
---
title: Update session cookie key name to be unique to instance in development
merge_request:
author:
......@@ -10,6 +10,12 @@ rescue
Settings.gitlab['session_expire_delay'] ||= 10080
end
cookie_key = if Rails.env.development?
"_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
else
"_gitlab_session"
end
if Rails.env.test?
Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
else
......@@ -19,7 +25,7 @@ else
Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks.
servers: redis_config,
key: '_gitlab_session',
key: cookie_key,
secure: Gitlab.config.gitlab.https,
httponly: true,
expires_in: Settings.gitlab['session_expire_delay'] * 60,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment