authorGitLab Bot <gitlab-bot@gitlab.com>2019-10-25 03:06:14 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2019-10-25 03:06:14 +0300
commit6d43720a1a86ccca9618417a6d0415e7d522fa49 (patch)
treeceab63f6374252b8afe4913b949bae39a027366f /app/controllers/application_controller.rb
parent46bfa73d93786bc2a832be7e42e2119712a0bafb (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/controllers/application_controller.rb')
-rw-r--r--app/controllers/application_controller.rb21
1 files changed, 2 insertions, 19 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1443a71f6b1..c600b45c8b7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -12,6 +12,7 @@ class ApplicationController < ActionController::Base
include EnforcesTwoFactorAuthentication
include WithPerformanceBar
include SessionlessAuthentication
+ include SessionsHelper
include ConfirmEmailWarning
include Gitlab::Tracking::ControllerConcern
include Gitlab::Experimentation::ControllerConcern
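Review bot: `include SessionsHelper` mixes a view helper into `ApplicationController`, so every public method the module defines becomes a public instance method on every controller, and Rails treats public controller methods as candidate actions. The helper's body is not part of this diff, so this is a point to confirm rather than a known exposure. If only `limit_session_time` is needed, as the callback added in the next hunk suggests, a small controller concern or a `private` wrapper would keep the controller surface narrow. A comment such as `# SessionsHelper supplies limit_session_time for the after_action below` would also record why a helper is included here.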
@@ -35,7 +36,7 @@ class ApplicationController < ActionController::Base
around_action :set_session_storage
after_action :set_page_title_header, if: :json_request?
- after_action :limit_unauthenticated_session_times
+ after_action :limit_session_time, if: -> { !current_user }
protect_from_forgery with: :exception, prepend: true
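Review bot: The new callback `after_action :limit_session_time, if: -> { !current_user }` drops the rationale that the removed method documented, and the guard for a missing `request.env['rack.session.options']` is not visible anywhere in this diff. `limit_session_time` is defined outside this file, so check that it still returns early when Rack has not set the session options (the removed code noted that some tests lack them). Also check that it still takes the TTL from `Settings.gitlab['unauthenticated_session_expire_delay']`. I would keep a short comment above the callback, for example `# Unauthenticated sessions get a short TTL so anonymous CSRF sessions do not fill Redis`.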
@@ -101,24 +102,6 @@ class ApplicationController < ActionController::Base
end
end
- # By default, all sessions are given the same expiration time configured in
- # the session store (e.g. 1 week). However, unauthenticated users can
- # generate a lot of sessions, primarily for CSRF verification. It makes
- # sense to reduce the TTL for unauthenticated to something much lower than
- # the default (e.g. 1 hour) to limit Redis memory. In addition, Rails
- # creates a new session after login, so the short TTL doesn't even need to
- # be extended.
- def limit_unauthenticated_session_times
- return if current_user
-
- # Rack sets this header, but not all tests may have it: https://github.com/rack/rack/blob/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77/lib/rack/session/abstract/id.rb#L251-L259
- return unless request.env['rack.session.options']
-
- # This works because Rack uses these options every time a request is handled:
- # https://github.com/rack/rack/blob/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77/lib/rack/session/abstract/id.rb#L342
- request.env['rack.session.options'][:expire_after] = Settings.gitlab['unauthenticated_session_expire_delay']
- end
-
def render(*args)
super.tap do
# Set a header for custom error pages to prevent them from being intercepted by gitlab-workhorse