Merge branch 'cookies-in-redis' of /home/git/repositories/gitlab/gitlabhq

fdd64bf3 · Dmitriy Zaporozhets · 41f63acc · ba7c1764 · fdd64bf3 · fdd64bf3
Commit fdd64bf3 authored Oct 14, 2013 by Dmitriy Zaporozhets
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 9 deletions

CHANGELOG CHANGELOG +1 -0

config/initializers/session_store.rb config/initializers/session_store.rb +7 -9

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -14,6 +14,7 @@ v 6.2.0
  - Extended User API to expose admin and can_create_group for user creation/updating (Boyan Tabakov)
  - API: Remove group
  - Avatar upload on profile page with a maximum of 200KB (Steven Thonus)
+  - Store the sessions in Redis instead of the cookie store
 v 6.1.0
  - Project specific IDs for issues, mr, milestones

--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
 # Be sure to restart your server when you modify this file.
-Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session',
+Gitlab::Application.config.session_store(
+  :redis_store, # Using the cookie_store would enable session replay attacks.
+  key: '_gitlab_session',
  secure: Gitlab::Application.config.force_ssl,
  httponly: true,
  path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
+)
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# Gitlab::Application.config.session_store :active_record_store