Skip to content

G
gitlab-ce
Commit 0087f939 authored by Eric Eastwood's avatar Eric Eastwood
Browse files
Options

Update session cookie key name to be unique to instance in development 

Fix https://gitlab.com/gitlab-org/gitlab-ce/issues/31644
parent dd0f8b8c
Hide whitespace changes
Inline Side-by-side
Showing with 11 additions and 1 deletion
changelogs/unreleased/31644-make-cookie-sessions-unique.yml 0 → 100644
View file @ 0087f939
---
title: Update session cookie key name to be unique to instance in development
merge_request:
author:
config/initializers/session_store.rb
View file @ 0087f939
...@@ -10,6 +10,12 @@ rescue ...@@ -10,6 +10,12 @@ rescue
Settings.gitlab['session_expire_delay'] ||= 10080 Settings.gitlab['session_expire_delay'] ||= 10080
end end
cookie_key = if Rails.env.development?
"_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
else
"_gitlab_session"
end
if Rails.env.test? if Rails.env.test?
Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session" Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
else else
...@@ -19,7 +25,7 @@ else ...@@ -19,7 +25,7 @@ else
Gitlab::Application.config.session_store( Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks. :redis_store, # Using the cookie_store would enable session replay attacks.
servers: redis_config, servers: redis_config,
key: '_gitlab_session', key: cookie_key,
secure: Gitlab.config.gitlab.https, secure: Gitlab.config.gitlab.https,
httponly: true, httponly: true,
expires_in: Settings.gitlab['session_expire_delay'] * 60, expires_in: Settings.gitlab['session_expire_delay'] * 60,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7