Update session cookie key name to be unique to instance in development

Fix https://gitlab.com/gitlab-org/gitlab-ce/issues/31644
author: Eric Eastwood <contact@ericeastwood.com> 2017-06-01 09:15:58 +0300
committer: Eric Eastwood <contact@ericeastwood.com> 2017-06-01 16:27:40 +0300
commit: 0087f939892e9eef5a642b84615ada6c0cdbdcd6 (patch)
tree: 4b996c97d00a33f2a793466e5518191321b8da08 /config
parent: dd0f8b8ccc3b5f61e31703f7391a919b702934a5 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 70be2617cab..8919f7640fe 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -10,6 +10,12 @@ rescue
   Settings.gitlab['session_expire_delay'] ||= 10080
 end
 
+cookie_key = if Rails.env.development?
+               "_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
+             else
+               "_gitlab_session"
+             end
+
 if Rails.env.test?
   Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
 else
@@ -19,7 +25,7 @@ else
   Gitlab::Application.config.session_store(
     :redis_store, # Using the cookie_store would enable session replay attacks.
     servers: redis_config,
-    key: '_gitlab_session',
+    key: cookie_key,
     secure: Gitlab.config.gitlab.https,
     httponly: true,
     expires_in: Settings.gitlab['session_expire_delay'] * 60,
author	Eric Eastwood <contact@ericeastwood.com>	2017-06-01 09:15:58 +0300
committer	Eric Eastwood <contact@ericeastwood.com>	2017-06-01 16:27:40 +0300
commit	0087f939892e9eef5a642b84615ada6c0cdbdcd6 (patch)
tree	4b996c97d00a33f2a793466e5518191321b8da08 /config
parent	dd0f8b8ccc3b5f61e31703f7391a919b702934a5 (diff)