author | Douwe Maan <douwe@gitlab.com> | 2017-06-01 17:59:35 +0300 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2017-06-01 17:59:35 +0300 |
commit | 6f14a3ea6ba711259dc1ae4da374d032ca49ad17 (patch) | |
tree | d310435e911bd137bb5cd1bb68cb8b5e864e5d1c /config | |
parent | 0218a0bd2308eaa1b968cc0e0c68fdb88788df56 (diff) | |
parent | 0087f939892e9eef5a642b84615ada6c0cdbdcd6 (diff) |
Merge branch '31644-make-cookie-sessions-unique' into 'master'
Update session cookie key name to be unique to instance in development
Closes #31644
See merge request !11839
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/session_store.rb | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 70be2617cab..8919f7640fe 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -10,6 +10,12 @@ rescue
 Settings.gitlab['session_expire_delay'] ||= 10080
 end
 
+cookie_key = if Rails.env.development?
+ "_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
+ else
+ "_gitlab_session"
+ end
+
 if Rails.env.test?
 Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
 else
@@ -19,7 +25,7 @@ else
 Gitlab::Application.config.session_store(
 :redis_store, # Using the cookie_store would enable session replay attacks.
 servers: redis_config,
- key: '_gitlab_session',
+ key: cookie_key,
 secure: Gitlab.config.gitlab.https,
 httponly: true,
 expires_in: Settings.gitlab['session_expire_delay'] * 60,
|
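Review bot: The new `cookie_key` assignment carries no comment explaining why development needs a per-checkout cookie name, and the test branch directly below it still repeats the literal `"_gitlab_session"`. Going by the commit title, the reason is presumably that cookies are scoped by host and not by port, so a line such as `# Cookies ignore the port, so two dev instances on localhost would otherwise share one session cookie.` above the assignment would record it. The test branch could pass `key: cookie_key` as well, which yields the same name outside development and leaves a single place that defines it. The digest is of `Rails.root`, so it is a stable disambiguator derived from the checkout path rather than a secret, and the comment could say so. The `if Rails.env.test?` block continues past the end of this hunk.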
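Review bot: With `key: cookie_key` the session cookie no longer has the fixed name `_gitlab_session` in development, so any code that looks the cookie up by that literal would stop finding the session there. No such caller is visible here, since the diff is limited to `config/`, so this is a check to make rather than a confirmed break. It is worth grepping for the literal and having those places read `Gitlab::Application.config.session_options[:key]` instead, so the name is defined once. The `session_store(` call is still open at the end of this hunk.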