Commit 6f14a3ea authored by Douwe Maan

Merge branch '31644-make-cookie-sessions-unique' into 'master'

Update session cookie key name to be unique to instance in development

Closes #31644

See merge request !11839
parents 0218a0bd 0087f939
---
title: Update session cookie key name to be unique to instance in development
merge_request:
author:
...@@ -10,6 +10,12 @@ rescue ...@@ -10,6 +10,12 @@ rescue
Settings.gitlab['session_expire_delay'] ||= 10080 Settings.gitlab['session_expire_delay'] ||= 10080
end end
cookie_key = if Rails.env.development?
"_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
else
"_gitlab_session"
end
if Rails.env.test? if Rails.env.test?
Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session" Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
else else
...@@ -19,7 +25,7 @@ else ...@@ -19,7 +25,7 @@ else
Gitlab::Application.config.session_store( Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks. :redis_store, # Using the cookie_store would enable session replay attacks.
servers: redis_config, servers: redis_config,
key: '_gitlab_session', key: cookie_key,
secure: Gitlab.config.gitlab.https, secure: Gitlab.config.gitlab.https,
httponly: true, httponly: true,
expires_in: Settings.gitlab['session_expire_delay'] * 60, expires_in: Settings.gitlab['session_expire_delay'] * 60,
......
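Review bot: The `cookie_key` assignment in the first hunk has no comment saying why the development name differs from the fixed one, and the reason is not obvious from the code: browsers scope cookies by host rather than by port, so presumably two checkouts served from the same hostname would otherwise overwrite each other's `_gitlab_session` cookie. I would add above it `# Cookies are not isolated by port, so each development checkout gets its own session cookie name.` followed by `# The digest only namespaces the name; it is derived from Rails.root and is not a secret.` The literal `"_gitlab_session"` now appears both in the `else` arm and in the unchanged `Rails.env.test?` branch, so passing `key: cookie_key` there as well would leave a single source for the name. The `session_store(` call in the second hunk continues past the visible lines.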