Add specs for both SharedState and Sessions store

ee/spec/controllers/groups/dependency_proxy_for_containers_controller_spec.rb

@@ -45,7 +45,8 @@ RSpec.describe Groups::DependencyProxyForContainersController do
           expect(response).to have_gitlab_http_status(:not_found)
         end
 
-        context 'with an active session', :clean_gitlab_redis_shared_state do
+        shared_examples 'active session' do
+          context 'with an active session' do
             let(:session_id) { '42' }
             let(:session_time) { 5.minutes.ago }
             let(:stored_session) do
@@ -53,7 +54,7 @@ RSpec.describe Groups::DependencyProxyForContainersController do
             end
 
             before do
-            Gitlab::Redis::SharedState.with do |redis|
+              redis_store_class.with do |redis|
                 redis.set("session:gitlab:#{session_id}", Marshal.dump(stored_session))
                 redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id])
               end
@@ -63,6 +64,9 @@ RSpec.describe Groups::DependencyProxyForContainersController do
           end
         end
 
+        it_behaves_like 'redis sessions store', 'active session'
+      end
+
       context 'when git check is not enforced' do
         it_behaves_like successful_example
       end

ee/spec/features/users/login_spec.rb

@@ -85,7 +85,12 @@ RSpec.describe 'Login' do
           expect(page.body).to have_link('Register now', href: new_user_registration_path)
         end
 
-        describe 'with two-factor authentication required', :clean_gitlab_redis_shared_state do
+        RSpec.shared_examples_for 'two-factor authentication' do
+          before do
+            load Rails.root.join('config/initializers/session_store.rb')
+          end
+
+          describe 'with two-factor authentication required' do
             let_it_be(:user) { create(:user) }
             let_it_be(:smartcard_identity) { create(:smartcard_identity, user: user) }
 
@@ -124,6 +129,9 @@ RSpec.describe 'Login' do
             end
           end
         end
+
+        it_behaves_like 'redis sessions store', 'two-factor authentication'
+      end
     end
   end
 

ee/spec/lib/gitlab/auth/group_saml/session_enforcer_spec.rb

@@ -9,6 +9,7 @@ RSpec.describe Gitlab::Auth::GroupSaml::SessionEnforcer do
     end
   end
 
+  RSpec.shared_examples_for 'group saml session enforcer' do
     describe '#access_restricted' do
       let_it_be(:saml_provider) { create(:saml_provider, enforced_sso: true) }
       let_it_be(:user) { create(:user) }
@@ -27,7 +28,7 @@ RSpec.describe Gitlab::Auth::GroupSaml::SessionEnforcer do
           allow(saml_provider).to receive(:git_check_enforced?).and_return(true)
         end
 
-      context 'with an active session', :clean_gitlab_redis_shared_state do
+        context 'with an active session' do
           let(:session_id) { '42' }
           let(:session_time) { 5.minutes.ago }
           let(:stored_session) do
@@ -35,7 +36,7 @@ RSpec.describe Gitlab::Auth::GroupSaml::SessionEnforcer do
           end
 
           before do
-          Gitlab::Redis::SharedState.with do |redis|
+            redis_store_class.with do |redis|
               redis.set("session:gitlab:#{session_id}", Marshal.dump(stored_session))
               redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id])
             end
@@ -63,14 +64,14 @@ RSpec.describe Gitlab::Auth::GroupSaml::SessionEnforcer do
             end
           end
 
-        context 'with two active sessions', :clean_gitlab_redis_shared_state do
+          context 'with two active sessions' do
             let(:second_session_id) { '52' }
             let(:second_stored_session) do
               { 'active_group_sso_sign_ins' => { create(:saml_provider, enforced_sso: true).id => session_time } }
             end
 
             before do
-            Gitlab::Redis::SharedState.with do |redis|
+              redis_store_class.with do |redis|
                 redis.set("session:gitlab:#{second_session_id}", Marshal.dump(second_stored_session))
                 redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id, second_session_id])
               end
@@ -79,7 +80,7 @@ RSpec.describe Gitlab::Auth::GroupSaml::SessionEnforcer do
             it_behaves_like 'not enforced'
           end
 
-        context 'with two active sessions for the same provider and one pre-sso', :clean_gitlab_redis_shared_state do
+          context 'with two active sessions for the same provider and one pre-sso' do
             let(:second_session_id) { '52' }
             let(:third_session_id) { '62' }
             let(:second_stored_session) do
@@ -87,7 +88,7 @@ RSpec.describe Gitlab::Auth::GroupSaml::SessionEnforcer do
             end
 
             before do
-            Gitlab::Redis::SharedState.with do |redis|
+              redis_store_class.with do |redis|
                 redis.set("session:gitlab:#{second_session_id}", Marshal.dump(second_stored_session))
                 redis.set("session:gitlab:#{third_session_id}", Marshal.dump({}))
                 redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id, second_session_id, third_session_id])
@@ -192,14 +193,14 @@ RSpec.describe Gitlab::Auth::GroupSaml::SessionEnforcer do
           allow(saml_provider).to receive(:git_check_enforced?).and_return(false)
         end
 
-      context 'with an active session', :clean_gitlab_redis_shared_state do
+        context 'with an active session' do
           let(:session_id) { '42' }
           let(:stored_session) do
             { 'active_group_sso_sign_ins' => { saml_provider.id => 5.minutes.ago } }
           end
 
           before do
-          Gitlab::Redis::SharedState.with do |redis|
+            redis_store_class.with do |redis|
               redis.set("session:gitlab:#{session_id}", Marshal.dump(stored_session))
               redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id])
             end
@@ -213,4 +214,7 @@ RSpec.describe Gitlab::Auth::GroupSaml::SessionEnforcer do
         end
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'group saml session enforcer'
 end

ee/spec/lib/gitlab/auth/otp/session_enforcer_spec.rb

@@ -2,7 +2,8 @@
 
 require 'spec_helper'
 
-RSpec.describe Gitlab::Auth::Otp::SessionEnforcer, :clean_gitlab_redis_shared_state do
+RSpec.describe Gitlab::Auth::Otp::SessionEnforcer do
+  shared_examples_for 'otp session enforcer' do
     let_it_be(:key) { create(:key)}
 
     describe '#update_session' do
@@ -13,12 +14,12 @@ RSpec.describe Gitlab::Auth::Otp::SessionEnforcer, :clean_gitlab_redis_shared_st
       end
 
       it 'registers a session in Redis' do
-      expect(Gitlab::Redis::SharedState).to receive(:with).and_yield(redis)
+        expect(redis_store_class).to receive(:with).and_yield(redis)
         session_expiry_in_seconds = Gitlab::CurrentSettings.git_two_factor_session_expiry.minutes.to_i
 
         expect(redis).to(
           receive(:setex)
-          .with("#{described_class::OTP_SESSIONS_NAMESPACE}:#{key.id}",
+            .with("#{::Gitlab::Redis::Sessions::OTP_SESSIONS_NAMESPACE}:#{key.id}",
                   session_expiry_in_seconds,
                   true)
             .once)
@@ -48,8 +49,8 @@ RSpec.describe Gitlab::Auth::Otp::SessionEnforcer, :clean_gitlab_redis_shared_st
 
       context 'with existing session' do
         before do
-        Gitlab::Redis::SharedState.with do |redis|
-          redis.set("#{described_class::OTP_SESSIONS_NAMESPACE}:#{key.id}", true )
+          redis_store_class.with do |redis|
+            redis.set("#{::Gitlab::Redis::Sessions::OTP_SESSIONS_NAMESPACE}:#{key.id}", true )
           end
         end
 
@@ -60,4 +61,7 @@ RSpec.describe Gitlab::Auth::Otp::SessionEnforcer, :clean_gitlab_redis_shared_st
         it { is_expected.to be_truthy }
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'otp session enforcer'
 end

ee/spec/lib/gitlab/auth/smartcard/session_enforcer_spec.rb

@@ -29,14 +29,15 @@ RSpec.describe Gitlab::Auth::Smartcard::SessionEnforcer do
       stub_smartcard_setting(enabled: true, required_for_git_access: true)
     end
 
-    context 'with a smartcard session', :clean_gitlab_redis_shared_state do
+    RSpec.shared_examples_for 'smartcard session' do
+      context 'with a smartcard session' do
         let(:session_id) { '42' }
         let(:stored_session) do
           { 'smartcard_signins' => { 'last_signin_at' => 5.minutes.ago } }
         end
 
         before do
-        Gitlab::Redis::SharedState.with do |redis|
+          redis_store_class.with do |redis|
             redis.set("session:gitlab:#{session_id}", Marshal.dump(stored_session))
             redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id])
           end
@@ -44,6 +45,9 @@ RSpec.describe Gitlab::Auth::Smartcard::SessionEnforcer do
 
         it { is_expected.to be_falsey }
       end
+    end
+
+    it_behaves_like 'redis sessions store', 'smartcard session'
 
     context 'without any session' do
       it { is_expected.to be_truthy }

ee/spec/lib/gitlab/auth/smartcard/session_spec.rb

@@ -3,19 +3,20 @@
 require 'spec_helper'
 
 RSpec.describe Gitlab::Auth::Smartcard::Session do
+  RSpec.shared_examples_for 'smartcard session' do
     describe '#active?' do
       let(:user) { create(:user) }
 
       subject { described_class.new.active?(user) }
 
-    context 'with a smartcard session', :clean_gitlab_redis_shared_state do
+      context 'with a smartcard session' do
         let(:session_id) { '42' }
         let(:stored_session) do
           { 'smartcard_signins' => { 'last_signin_at' => 5.minutes.ago } }
         end
 
         before do
-        Gitlab::Redis::SharedState.with do |redis|
+          redis_store_class.with do |redis|
             redis.set("session:gitlab:#{session_id}", Marshal.dump(stored_session))
             redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id])
           end
@@ -44,4 +45,7 @@ RSpec.describe Gitlab::Auth::Smartcard::Session do
         expect(Gitlab::Session.current[:smartcard_signins]).to eq({ 'last_signin_at' => now })
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'smartcard session'
 end

ee/spec/lib/gitlab/git_access_spec.rb

@@ -704,6 +704,7 @@ RSpec.describe Gitlab::GitAccess do
     end
   end
 
+  RSpec.shared_examples_for 'checks smartcard access & otp session' do
     describe '#check_smartcard_access!' do
       before do
         stub_licensed_features(smartcard_auth: true)
@@ -712,14 +713,14 @@ RSpec.describe Gitlab::GitAccess do
         project.add_developer(user)
       end
 
-    context 'user with a smartcard session', :clean_gitlab_redis_shared_state do
+      context 'user with a smartcard session' do
         let(:session_id) { '42' }
         let(:stored_session) do
           { 'smartcard_signins' => { 'last_signin_at' => 5.minutes.ago } }
         end
 
         before do
-        Gitlab::Redis::SharedState.with do |redis|
+          redis_store_class.with do |redis|
             redis.set("session:gitlab:#{session_id}", Marshal.dump(stored_session))
             redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id])
           end
@@ -772,10 +773,10 @@ RSpec.describe Gitlab::GitAccess do
         stub_licensed_features(git_two_factor_enforcement: true)
       end
 
-    context 'with an OTP session', :clean_gitlab_redis_shared_state do
+      context 'with an OTP session' do
         before do
-        Gitlab::Redis::SharedState.with do |redis|
-          redis.set("#{Gitlab::Auth::Otp::SessionEnforcer::OTP_SESSIONS_NAMESPACE}:#{key.id}", true)
+          redis_store_class.with do |redis|
+            redis.set("#{Gitlab::Redis::Sessions::OTP_SESSIONS_NAMESPACE}:#{key.id}", true)
           end
         end
 
@@ -803,11 +804,11 @@ RSpec.describe Gitlab::GitAccess do
 
           def stub_redis
             redis = double(:redis)
-          expect(Gitlab::Redis::SharedState).to receive(:with).at_most(:twice).and_yield(redis)
+            expect(redis_store_class).to receive(:with).at_most(:twice).and_yield(redis)
 
             expect(redis).to(
               receive(:get)
-              .with("#{Gitlab::Auth::Otp::SessionEnforcer::OTP_SESSIONS_NAMESPACE}:#{key.id}"))
+                .with("#{Gitlab::Redis::Sessions::OTP_SESSIONS_NAMESPACE}:#{key.id}"))
                          .at_most(:twice)
                          .and_return(value_of_key)
           end
@@ -929,6 +930,9 @@ RSpec.describe Gitlab::GitAccess do
         end
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'checks smartcard access & otp session'
 
   describe '#check_sso_session!' do
     before do

ee/spec/requests/api/internal/base_spec.rb

@@ -154,14 +154,15 @@ RSpec.describe API::Internal::Base do
         project.add_developer(user)
       end
 
-      context 'user with a smartcard session', :clean_gitlab_redis_shared_state do
+      RSpec.shared_examples_for 'smartcard session' do
+        context 'user with a smartcard session' do
           let(:session_id) { '42' }
           let(:stored_session) do
             { 'smartcard_signins' => { 'last_signin_at' => 5.minutes.ago } }
           end
 
           before do
-          Gitlab::Redis::SharedState.with do |redis|
+            redis_store_class.with do |redis|
               redis.set("session:gitlab:#{session_id}", Marshal.dump(stored_session))
               redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id])
             end
@@ -173,6 +174,9 @@ RSpec.describe API::Internal::Base do
             expect(response).to have_gitlab_http_status(:ok)
           end
         end
+      end
+
+      it_behaves_like 'redis sessions store', 'smartcard session'
 
       context 'user without a smartcard session' do
         it "does not allow access" do

ee/spec/requests/repositories/git_http_controller_spec.rb

@@ -54,14 +54,15 @@ RSpec.describe Repositories::GitHttpController, type: :request do
         project.add_developer(user)
       end
 
-      context 'user with a smartcard session', :clean_gitlab_redis_shared_state do
+      RSpec.shared_examples_for 'smartcard session' do
+        context 'user with a smartcard session' do
           let(:session_id) { '42' }
           let(:stored_session) do
             { 'smartcard_signins' => { 'last_signin_at' => 5.minutes.ago } }
           end
 
           before do
-          Gitlab::Redis::SharedState.with do |redis|
+            redis_store_class.with do |redis|
               redis.set("session:gitlab:#{session_id}", Marshal.dump(stored_session))
               redis.sadd("session:lookup:user:gitlab:#{user.id}", [session_id])
             end
@@ -73,6 +74,9 @@ RSpec.describe Repositories::GitHttpController, type: :request do
             expect(response).to have_gitlab_http_status(:ok)
           end
         end
+      end
+
+      it_behaves_like 'redis sessions store', 'smartcard session'
 
       context 'user without a smartcard session' do
         it "does not allow access" do

spec/channels/application_cable/connection_spec.rb

@@ -2,12 +2,13 @@
 
 require 'spec_helper'
 
-RSpec.describe ApplicationCable::Connection, :clean_gitlab_redis_shared_state do
+RSpec.describe ApplicationCable::Connection do
+  RSpec.shared_examples_for 'ApplicationCable::Connection' do
     let(:session_id) { Rack::Session::SessionId.new('6919a6f1bb119dd7396fadc38fd18d0d') }
 
     context 'when session cookie is set' do
       before do
-      Gitlab::Redis::SharedState.with do |redis|
+        redis_store_class.with do |redis|
           redis.set("session:gitlab:#{session_id.private_id}", Marshal.dump(session_hash))
         end
 
@@ -64,4 +65,7 @@ RSpec.describe ApplicationCable::Connection, :clean_gitlab_redis_shared_state do
         expect(connection.current_user).to be_nil
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'ApplicationCable::Connection'
 end

spec/features/users/active_sessions_spec.rb

@@ -2,7 +2,8 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Active user sessions', :clean_gitlab_redis_shared_state do
+RSpec.describe 'Active user sessions' do
+  RSpec.shared_examples_for 'active user sessions' do
     it 'successful login adds a new active user login' do
       now = Time.zone.parse('2018-03-12 09:06')
       Timecop.freeze(now) do
@@ -29,13 +30,13 @@ RSpec.describe 'Active user sessions', :clean_gitlab_redis_shared_state do
     it 'successful login cleans up obsolete entries' do
       user = create(:user)
 
-    Gitlab::Redis::SharedState.with do |redis|
+      redis_store_class.with do |redis|
         redis.sadd("session:lookup:user:gitlab:#{user.id}", '59822c7d9fcdfa03725eff41782ad97d')
       end
 
       gitlab_sign_in(user)
 
-    Gitlab::Redis::SharedState.with do |redis|
+      redis_store_class.with do |redis|
         expect(redis.smembers("session:lookup:user:gitlab:#{user.id}")).not_to include '59822c7d9fcdfa03725eff41782ad97d'
       end
     end
@@ -44,14 +45,14 @@ RSpec.describe 'Active user sessions', :clean_gitlab_redis_shared_state do
       user = create(:user)
       personal_access_token = create(:personal_access_token, user: user)
 
-    Gitlab::Redis::SharedState.with do |redis|
+      redis_store_class.with do |redis|
         redis.sadd("session:lookup:user:gitlab:#{user.id}", '59822c7d9fcdfa03725eff41782ad97d')
       end
 
       visit user_path(user, :atom, private_token: personal_access_token.token)
       expect(page.status_code).to eq 200
 
-    Gitlab::Redis::SharedState.with do |redis|
+      redis_store_class.with do |redis|
         expect(redis.smembers("session:lookup:user:gitlab:#{user.id}")).to include '59822c7d9fcdfa03725eff41782ad97d'
       end
     end
@@ -68,4 +69,7 @@ RSpec.describe 'Active user sessions', :clean_gitlab_redis_shared_state do
 
       expect(ActiveSession.list(user)).to be_empty
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'active user sessions'
 end

spec/features/users/anonymous_sessions_spec.rb

@@ -2,9 +2,10 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Session TTLs', :clean_gitlab_redis_shared_state do
+RSpec.describe 'Session TTLs' do
   include SessionHelpers
 
+  RSpec.shared_examples_for 'session ttls' do
     it 'creates a session with a short TTL when login fails' do
       visit new_user_session_path
       # The session key only gets created after a post
@@ -14,7 +15,7 @@ RSpec.describe 'Session TTLs', :clean_gitlab_redis_shared_state do
 
       expect(page).to have_content('Invalid login or password')
 
-    expect_single_session_with_short_ttl
+      expect_single_session_with_short_ttl(redis_store_class)
     end
 
     it 'increases the TTL when the login succeeds' do
@@ -23,7 +24,7 @@ RSpec.describe 'Session TTLs', :clean_gitlab_redis_shared_state do
 
       expect(page).to have_content(user.name)
 
-    expect_single_session_with_authenticated_ttl
+      expect_single_session_with_authenticated_ttl(redis_store_class)
     end
 
     context 'with an unauthorized project' do
@@ -32,8 +33,11 @@ RSpec.describe 'Session TTLs', :clean_gitlab_redis_shared_state do
       it 'creates a session with a short TTL' do
         visit project_raw_path(project, 'master/README.md')
 
-      expect_single_session_with_short_ttl
+        expect_single_session_with_short_ttl(redis_store_class)
         expect(page).to have_current_path(new_user_session_path)
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'session ttls'
 end

spec/features/users/login_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
+RSpec.describe 'Login' do
   include TermsHelper
   include UserLoginHelper
   include SessionHelpers
@@ -11,6 +11,11 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
     stub_authentication_activity_metrics(debug: true)
   end
 
+  RSpec.shared_examples_for 'login' do
+    before do
+      load Rails.root.join('config/initializers/session_store.rb')
+    end
+
     describe 'password reset token after successful sign in' do
       it 'invalidates password reset token' do
         expect(authentication_metrics)
@@ -60,7 +65,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
         fill_in 'user_password', with: 'password'
         click_button 'Sign in'
 
-      expect_single_session_with_authenticated_ttl
+        expect_single_session_with_authenticated_ttl(redis_store_class)
         expect(current_path).to eq root_path
       end
 
@@ -84,7 +89,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
         expect(page).to have_content('Your account has been blocked.')
       end
 
-    it 'does not update Devise trackable attributes', :clean_gitlab_redis_shared_state do
+      it 'does not update Devise trackable attributes' do
         expect(authentication_metrics)
           .to increment(:user_blocked_counter)
           .and increment(:user_unauthenticated_counter)
@@ -161,7 +166,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
         expect(page).to have_content('Invalid login or password.')
       end
 
-    it 'does not update Devise trackable attributes', :clean_gitlab_redis_shared_state do
+      it 'does not update Devise trackable attributes' do
         expect(authentication_metrics)
           .to increment(:user_unauthenticated_counter)
           .and increment(:user_password_invalid_counter)
@@ -206,7 +211,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
           enter_code(user.current_otp)
 
           expect(page).not_to have_content(I18n.t('devise.failure.already_authenticated'))
-        expect_single_session_with_authenticated_ttl
+          expect_single_session_with_authenticated_ttl(redis_store_class)
         end
 
         it 'does not allow sign-in if the user password is updated before entering a one-time code' do
@@ -225,7 +230,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
 
             enter_code(user.current_otp)
 
-          expect_single_session_with_authenticated_ttl
+            expect_single_session_with_authenticated_ttl(redis_store_class)
             expect(current_path).to eq root_path
           end
 
@@ -254,7 +259,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
 
             enter_code(user.current_otp)
 
-          expect_single_session_with_authenticated_ttl
+            expect_single_session_with_authenticated_ttl(redis_store_class)
             expect(current_path).to eq root_path
           end
 
@@ -371,7 +376,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
 
             sign_in_using_saml!
 
-          expect_single_session_with_authenticated_ttl
+            expect_single_session_with_authenticated_ttl(redis_store_class)
             expect(page).not_to have_content('Two-Factor Authentication')
             expect(current_path).to eq root_path
           end
@@ -390,7 +395,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
 
             enter_code(user.current_otp)
 
-          expect_single_session_with_authenticated_ttl
+            expect_single_session_with_authenticated_ttl(redis_store_class)
             expect(current_path).to eq root_path
           end
         end
@@ -411,7 +416,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
 
           gitlab_sign_in(user)
 
-        expect_single_session_with_authenticated_ttl
+          expect_single_session_with_authenticated_ttl(redis_store_class)
           expect(current_path).to eq root_path
           expect(page).not_to have_content(I18n.t('devise.failure.already_authenticated'))
         end
@@ -423,7 +428,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
           gitlab_sign_in(user)
           visit new_user_session_path
 
-        expect_single_session_with_authenticated_ttl
+          expect_single_session_with_authenticated_ttl(redis_store_class)
           expect(page).not_to have_content(I18n.t('devise.failure.already_authenticated'))
         end
 
@@ -465,7 +470,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
 
           gitlab_sign_in(user)
 
-        expect_single_session_with_short_ttl
+          expect_single_session_with_short_ttl(redis_store_class)
           expect(page).to have_content('Invalid login or password.')
         end
       end
@@ -952,4 +957,7 @@ RSpec.describe 'Login', :clean_gitlab_redis_shared_state do
         end
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'login'
 end

spec/initializers/session_store_spec.rb

@@ -10,25 +10,37 @@ RSpec.describe 'Session initializer for GitLab' do
   end
 
   describe 'config#session_store' do
-    context 'when the GITLAB_REDIS_STORE_WITH_SESSION_STORE env is not set' do
+    context 'when the GITLAB_USE_REDIS_SESSIONS_STORE env is not set' do
       before do
-        stub_env('GITLAB_REDIS_STORE_WITH_SESSION_STORE', nil)
+        stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', nil)
       end
 
-      it 'initialized as a redis_store with a proper Redis::Store instance' do
+      it 'initialized with Multistore as ENV var defaults to true' do
         expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
 
         load_session_store
       end
     end
 
-    context 'when the GITLAB_REDIS_STORE_WITH_SESSION_STORE env is disabled' do
+    context 'when the GITLAB_USE_REDIS_SESSIONS_STORE env is disabled' do
       before do
-        stub_env('GITLAB_REDIS_STORE_WITH_SESSION_STORE', false)
+        stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', false)
       end
 
       it 'initialized as a redis_store with a proper servers configuration' do
-        expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(servers: kind_of(Hash)))
+        expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(Redis::Store)))
+
+        load_session_store
+      end
+    end
+
+    context 'when the GITLAB_USE_REDIS_SESSIONS_STORE env is enabled' do
+      before do
+        stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', true)
+      end
+
+      it 'initialized as a redis_store with a proper servers configuration' do
+        expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(redis_store: kind_of(::Redis::Store)))
 
         load_session_store
       end

spec/lib/gitlab/anonymous_session_spec.rb

@@ -2,7 +2,7 @@
 
 require 'spec_helper'
 
-RSpec.describe Gitlab::AnonymousSession, :clean_gitlab_redis_shared_state do
+RSpec.describe Gitlab::AnonymousSession do
   let(:default_session_id) { '6919a6f1bb119dd7396fadc38fd18d0d' }
   let(:additional_session_id) { '7919a6f1bb119dd7396fadc38fd18d0d' }
 
@@ -12,11 +12,12 @@ RSpec.describe Gitlab::AnonymousSession, :clean_gitlab_redis_shared_state do
     described_class.new('127.0.0.1')
   end
 
+  RSpec.shared_examples_for 'anonymous sessions' do
     describe '#store_session_ip' do
       it 'adds session id to proper key' do
         subject.count_session_ip
 
-      Gitlab::Redis::SharedState.with do |redis|
+        redis_store_class.with do |redis|
           expect(redis.get("session:lookup:ip:gitlab2:127.0.0.1").to_i).to eq 1
         end
       end
@@ -25,7 +26,7 @@ RSpec.describe Gitlab::AnonymousSession, :clean_gitlab_redis_shared_state do
         freeze_time do
           subject.count_session_ip
 
-        Gitlab::Redis::SharedState.with do |redis|
+          redis_store_class.with do |redis|
             expect(redis.ttl("session:lookup:ip:gitlab2:127.0.0.1")).to eq(24.hours.to_i)
           end
         end
@@ -36,7 +37,7 @@ RSpec.describe Gitlab::AnonymousSession, :clean_gitlab_redis_shared_state do
           subject.count_session_ip
           new_anonymous_session.count_session_ip
 
-        Gitlab::Redis::SharedState.with do |redis|
+          redis_store_class.with do |redis|
             expect(redis.get("session:lookup:ip:gitlab2:127.0.0.1").to_i).to eq(2)
           end
         end
@@ -45,7 +46,7 @@ RSpec.describe Gitlab::AnonymousSession, :clean_gitlab_redis_shared_state do
 
     describe '#stored_sessions' do
       it 'returns all anonymous sessions per ip' do
-      Gitlab::Redis::SharedState.with do |redis|
+        redis_store_class.with do |redis|
           redis.set("session:lookup:ip:gitlab2:127.0.0.1", 2)
         end
 
@@ -54,14 +55,17 @@ RSpec.describe Gitlab::AnonymousSession, :clean_gitlab_redis_shared_state do
     end
 
     it 'removes obsolete lookup through ip entries' do
-    Gitlab::Redis::SharedState.with do |redis|
+      redis_store_class.with do |redis|
         redis.set("session:lookup:ip:gitlab2:127.0.0.1", 2)
       end
 
       subject.cleanup_session_per_ip_count
 
-    Gitlab::Redis::SharedState.with do |redis|
+      redis_store_class.with do |redis|
         expect(redis.exists("session:lookup:ip:gitlab2:127.0.0.1")).to eq(false)
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'anonymous sessions'
 end

spec/lib/gitlab/redis/sessions_spec.rb

@@ -4,4 +4,54 @@ require 'spec_helper'
 
 RSpec.describe Gitlab::Redis::Sessions do
   include_examples "redis_new_instance_shared_examples", 'sessions', Gitlab::Redis::SharedState
+
+  describe 'redis instance used in connection pool' do
+    before do
+      clear_pool
+    end
+
+    context 'when redis.sessions configuration is not provided' do
+      it 'uses ::Redis instance' do
+        expect(described_class).to receive(:config_fallback?).and_return(true)
+
+        described_class.pool.with do |redis_instance|
+          expect(redis_instance).to be_instance_of(::Redis)
+        end
+      end
+    end
+
+    context 'when redis.sessions configuration is provided' do
+      it 'instantiates an instance of MultiStore' do
+        expect(described_class).to receive(:config_fallback?).and_return(false)
+
+        described_class.pool.with do |redis_instance|
+          expect(redis_instance).to be_instance_of(::Gitlab::Redis::MultiStore)
+        end
+      end
+    end
+
+    def clear_pool
+      described_class.remove_instance_variable(:@pool)
+    rescue NameError
+      # raised if @pool was not set; ignore
+    end
+  end
+
+  describe '#store' do
+    subject { described_class.store(namespace: described_class::SESSION_NAMESPACE) }
+
+    context 'when redis.sessions configuration is provided' do
+      it 'instantiates ::Redis instance' do
+        expect(described_class).to receive(:config_fallback?).and_return(true)
+        expect(subject).to be_instance_of(::Redis::Store)
+      end
+    end
+
+    context 'when redis.sessions configuration is not provided' do
+      it 'instantiates an instance of MultiStore' do
+        expect(described_class).to receive(:config_fallback?).and_return(false)
+        expect(subject).to be_instance_of(::Gitlab::Redis::MultiStore)
+      end
+    end
+  end
 end

spec/requests/api/commits_spec.rb

@@ -376,12 +376,13 @@ RSpec.describe API::Commits do
         end
       end
 
+      RSpec.shared_examples_for 'warden user session' do
         context 'when using warden' do
-        it 'increments usage counters', :clean_gitlab_redis_shared_state do
+          it 'increments usage counters' do
             session_id = Rack::Session::SessionId.new('6919a6f1bb119dd7396fadc38fd18d0d')
             session_hash = { 'warden.user.user.key' => [[user.id], user.encrypted_password[0, 29]] }
 
-          Gitlab::Redis::SharedState.with do |redis|
+            redis_store_class.with do |redis|
               redis.set("session:gitlab:#{session_id.private_id}", Marshal.dump(session_hash))
             end
 
@@ -393,6 +394,9 @@ RSpec.describe API::Commits do
             post api(url), params: valid_c_params
           end
         end
+      end
+
+      it_behaves_like 'redis sessions store', 'warden user session'
 
       context 'a new file in project repo' do
         before do

spec/support/helpers/session_helpers.rb

 # frozen_string_literal: true
 
 module SessionHelpers
-  def expect_single_session_with_authenticated_ttl
-    expect_single_session_with_expiration(Settings.gitlab['session_expire_delay'] * 60)
+  def expect_single_session_with_authenticated_ttl(redis_store_class)
+    expect_single_session_with_expiration(redis_store_class, Settings.gitlab['session_expire_delay'] * 60)
   end
 
-  def expect_single_session_with_short_ttl
-    expect_single_session_with_expiration(Settings.gitlab['unauthenticated_session_expire_delay'])
+  def expect_single_session_with_short_ttl(redis_store_class)
+    expect_single_session_with_expiration(redis_store_class, Settings.gitlab['unauthenticated_session_expire_delay'])
   end
 
-  def expect_single_session_with_expiration(expiration)
-    session_keys = get_session_keys
+  def expect_single_session_with_expiration(redis_store_class, expiration)
+    session_keys = get_session_keys(redis_store_class)
 
     expect(session_keys.size).to eq(1)
-    expect(get_ttl(session_keys.first)).to be_within(5).of(expiration)
+    expect(get_ttl(redis_store_class, session_keys.first)).to be_within(5).of(expiration)
   end
 
-  def get_session_keys
-    Gitlab::Redis::SharedState.with { |redis| redis.scan_each(match: 'session:gitlab:*').to_a }
+  def get_session_keys(redis_store_class)
+    redis_store_class.with { |redis| redis.scan_each(match: 'session:gitlab:*').to_a }
   end
 
-  def get_ttl(key)
-    Gitlab::Redis::SharedState.with { |redis| redis.ttl(key) }
+  def get_ttl(redis_store_class, key)
+    redis_store_class.with { |redis| redis.ttl(key) }
   end
 end

spec/support/redis/redis_shared_examples.rb

@@ -93,18 +93,23 @@ RSpec.shared_examples "redis_shared_examples" do
     subject { described_class.new(rails_env).store }
 
     shared_examples 'redis store' do
+      let(:redis_store) { ::Redis::Store }
+      let(:redis_store_to_s) { "Redis Client connected to #{host} against DB #{redis_database}" }
+
       it 'instantiates Redis::Store' do
-        is_expected.to be_a(::Redis::Store)
-        expect(subject.to_s).to eq("Redis Client connected to #{host} against DB #{redis_database}")
+        is_expected.to be_a(redis_store)
+
+        expect(subject.to_s).to eq(redis_store_to_s)
       end
 
       context 'with the namespace' do
         let(:namespace) { 'namespace_name' }
+        let(:redis_store_to_s) { "Redis Client connected to #{host} against DB #{redis_database} with namespace #{namespace}" }
 
         subject { described_class.new(rails_env).store(namespace: namespace) }
 
         it "uses specified namespace" do
-          expect(subject.to_s).to eq("Redis Client connected to #{host} against DB #{redis_database} with namespace #{namespace}")
+          expect(subject.to_s).to eq(redis_store_to_s)
         end
       end
     end

spec/support/shared_examples/lib/gitlab/redis/redis_sessions_store_shared_examples.rb

+# frozen_string_literal: true
+
+RSpec.shared_examples 'redis sessions store' do |example|
+  context 'when ENV[GITLAB_USE_REDIS_SESSIONS_STORE] is true', :clean_gitlab_redis_sessions do
+    before do
+      stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', 'true')
+    end
+
+    it_behaves_like example do
+      let(:redis_store_class) { Gitlab::Redis::Sessions }
+    end
+  end
+
+  context 'when ENV[GITLAB_USE_REDIS_SESSIONS_STORE] is false', :clean_gitlab_redis_shared_state do
+    before do
+      stub_env('GITLAB_USE_REDIS_SESSIONS_STORE', 'false')
+    end
+
+    it_behaves_like example do
+      let(:redis_store_class) { Gitlab::Redis::SharedState }
+    end
+  end
+end

spec/support/shared_examples/requests/api/graphql/mutations/snippets_shared_examples.rb

@@ -18,19 +18,20 @@ RSpec.shared_examples 'snippet edit usage data counters' do
     end
   end
 
+  RSpec.shared_examples_for 'sessionless user' do
     context 'when user is not sessionless' do
       before do
         session_id = Rack::Session::SessionId.new('6919a6f1bb119dd7396fadc38fd18d0d')
         session_hash = { 'warden.user.user.key' => [[current_user.id], current_user.encrypted_password[0, 29]] }
 
-      Gitlab::Redis::SharedState.with do |redis|
+        redis_store_class.with do |redis|
           redis.set("session:gitlab:#{session_id.private_id}", Marshal.dump(session_hash))
         end
 
         cookies[Gitlab::Application.config.session_options[:key]] = session_id.public_id
       end
 
-    it 'tracks usage data actions', :clean_gitlab_redis_shared_state do
+      it 'tracks usage data actions' do
         expect(::Gitlab::UsageDataCounters::EditorUniqueCounter).to receive(:track_snippet_editor_edit_action)
 
         post_graphql_mutation(mutation)
@@ -46,4 +47,7 @@ RSpec.shared_examples 'snippet edit usage data counters' do
         end
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'sessionless user'
 end

spec/tasks/gitlab/cleanup_rake_spec.rb

@@ -3,6 +3,7 @@
 require 'rake_helper'
 
 RSpec.describe 'gitlab:cleanup rake tasks', :silence_stdout do
+  RSpec.shared_examples_for 'rake gitlab:cleanup' do
     before do
       Rake.application.rake_require 'tasks/gitlab/cleanup'
     end
@@ -166,14 +167,14 @@ RSpec.describe 'gitlab:cleanup rake tasks', :silence_stdout do
     end
 
     context 'sessions' do
-    describe 'gitlab:cleanup:sessions:active_sessions_lookup_keys', :clean_gitlab_redis_shared_state do
+      describe 'gitlab:cleanup:sessions:active_sessions_lookup_keys' do
         subject(:rake_task) { run_rake_task('gitlab:cleanup:sessions:active_sessions_lookup_keys') }
 
         let!(:user) { create(:user) }
         let(:existing_session_id) { '5' }
 
         before do
-        Gitlab::Redis::SharedState.with do |redis|
+          redis_store_class.with do |redis|
             redis.set("session:user:gitlab:#{user.id}:#{existing_session_id}",
                       Marshal.dump(true))
             redis.sadd("session:lookup:user:gitlab:#{user.id}", (1..10).to_a)
@@ -185,7 +186,7 @@ RSpec.describe 'gitlab:cleanup rake tasks', :silence_stdout do
         end
 
         it 'removes expired active session lookup keys' do
-        Gitlab::Redis::SharedState.with do |redis|
+          redis_store_class.with do |redis|
             lookup_key = "session:lookup:user:gitlab:#{user.id}"
             expect { subject }.to change { redis.scard(lookup_key) }.from(10).to(1)
             expect(redis.smembers("session:lookup:user:gitlab:#{user.id}")).to(
@@ -194,4 +195,7 @@ RSpec.describe 'gitlab:cleanup rake tasks', :silence_stdout do
         end
       end
     end
+  end
+
+  it_behaves_like 'redis sessions store', 'rake gitlab:cleanup'
 end