diff options
Diffstat (limited to 'config/initializers/session_store.rb')
-rw-r--r-- | config/initializers/session_store.rb | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 733ad94240a..7f410d7bf7b 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -31,12 +31,16 @@ cookie_key = if Rails.env.development? store = Gitlab::Redis::Sessions.store(namespace: Gitlab::Redis::Sessions::SESSION_NAMESPACE) -Gitlab::Application.config.session_store( - :redis_store, # Using the cookie_store would enable session replay attacks. - redis_store: store, - key: cookie_key, - secure: Gitlab.config.gitlab.https, - httponly: true, - expires_in: Settings.gitlab['session_expire_delay'] * 60, - path: Rails.application.config.relative_url_root.presence || '/' -) +Rails.application.configure do + config.session_store( + :redis_store, # Using the cookie_store would enable session replay attacks. + redis_store: store, + key: cookie_key, + secure: Gitlab.config.gitlab.https, + httponly: true, + expires_in: Settings.gitlab['session_expire_delay'] * 60, + path: Rails.application.config.relative_url_root.presence || '/' + ) + + config.middleware.insert_after ActionDispatch::Session::RedisStore, Gitlab::Middleware::UnauthenticatedSessionExpiry +end |