Shorten session TTL of anonymous blob access
GitLab 11.2 limited the time-to-live (TTL) of unauthenticated sessions via https://gitlab.com/gitlab-org/gitlab/merge_requests/6586 using `before_action` in `ApplicationController`. However, this broke OAuth2 logins, which set the `current_user` **after** a login is successful, so we moved it to an `after_action` in https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/21144.

However, anonymous users attempting to access a private or internal project would be redirected to the sign-in page with a long session time. This happened because `ApplicationController#route_not_found` would be called by `find_routable!` when a user did not have access to the project.

To fix this, we bring back the `before_action` and add a check in `after_action` to bump up the session time if there is a user.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/340967

Changelog: fixed
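The three situations in the description come down to where a callback sits in the Rails chain: a `before_action` that renders or redirects halts the chain, and Rails then skips the action and every `after_action` as well (`AbstractController::Callbacks` registers the chain with `skip_after_callbacks_if_terminated`). The following toy model of that chain is an added example, not GitLab's code, and uses hypothetical TTL values and callback names (`limit_session_time`, `set_session_time_for_user`) to show why `before_action` alone breaks OAuth logins, why `after_action` alone leaves an anonymous sign-in redirect with the long default TTL, and why the combination in this MR gets every case right.

```ruby
# Added example (not GitLab's code): a minimal model of a Rails-style
# before_action / after_action chain with Rails' halting semantics.
# TTLs, strategy names and callback names are hypothetical.

DEFAULT_TTL = 7 * 24 * 3600 # hypothetical long default session (one week)
ANON_TTL    = 3600          # hypothetical short TTL for unauthenticated sessions

class SessionTtlController
  attr_reader :session, :current_user

  # strategy: :before_only (GitLab 11.2), :after_only (MR 21144), :both (this MR)
  def initialize(strategy)
    @strategy = strategy
  end

  # Runs one request and returns the session hash that would be persisted.
  # signed_in: the request already carries an authenticated user session.
  def run(action, signed_in: false)
    @session      = { expire_after: DEFAULT_TTL, redirected_to: nil }
    @current_user = signed_in ? :user : nil
    @performed    = false

    before_callbacks(action).each do |cb|
      send(cb)
      # A before_action that redirected halts the chain: the action AND all
      # after_actions are skipped, exactly as in Rails.
      return @session if @performed
    end
    send(action)
    after_callbacks.each { |cb| send(cb) }
    @session
  end

  private

  def before_callbacks(action)
    cbs = []
    cbs << :limit_session_time if %i[before_only both].include?(@strategy)
    cbs << :find_routable! if action == :show_project # project controllers only
    cbs
  end

  def after_callbacks
    case @strategy
    when :after_only then [:limit_session_time]
    when :both       then [:set_session_time_for_user]
    else []
    end
  end

  # The 11.2 / MR 21144 callback: short TTL when nobody is signed in.
  def limit_session_time
    @session[:expire_after] = @current_user ? DEFAULT_TTL : ANON_TTL
  end

  # The after_action added by this MR: only ever extends the session for a
  # user that exists by the time the action has run.
  def set_session_time_for_user
    @session[:expire_after] = DEFAULT_TTL if @current_user
  end

  # Stand-in for find_routable! -> route_not_found: an anonymous user hitting a
  # private or internal project is redirected to sign-in, which halts the chain.
  def find_routable!
    return if @current_user
    @session[:redirected_to] = :sign_in
    @performed = true
  end

  # Actions
  def show_project; end

  def oauth_callback
    @current_user = :user # OAuth2 sets current_user only after a successful login
  end
end

# Convenience wrapper: the TTL the session would be saved with.
def ttl_after(strategy, action, signed_in: false)
  SessionTtlController.new(strategy).run(action, signed_in: signed_in)[:expire_after]
end

if $PROGRAM_NAME == __FILE__
  %i[before_only after_only both].each do |strategy|
    puts "#{strategy}: anon OAuth login -> #{ttl_after(strategy, :oauth_callback)}s, " \
         "anon private project -> #{ttl_after(strategy, :show_project)}s"
  end
end
```

Running it shows `:before_only` leaving a freshly logged-in OAuth user with the short anonymous TTL, `:after_only` leaving the anonymous sign-in redirect with the full default TTL because `find_routable!` halted the chain before the `after_action` ran, and `:both` giving the short TTL to anonymous requests and the long one only once a user actually exists.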