authorEric Eastwood <contact@ericeastwood.com>2017-06-01 01:15:58 -0500
committerEric Eastwood <contact@ericeastwood.com>2017-06-01 08:27:40 -0500
commit0087f939892e9eef5a642b84615ada6c0cdbdcd6 (patch)
tree4b996c97d00a33f2a793466e5518191321b8da08
parentdd0f8b8ccc3b5f61e31703f7391a919b702934a5 (diff)
downloadgitlab-ce-31644-make-cookie-sessions-unique.tar.gz
Update session cookie key name to be unique to instance in development31644-make-cookie-sessions-unique
Fix https://gitlab.com/gitlab-org/gitlab-ce/issues/31644
-rw-r--r--changelogs/unreleased/31644-make-cookie-sessions-unique.yml4
-rw-r--r--config/initializers/session_store.rb8
2 files changed, 11 insertions, 1 deletions
diff --git a/changelogs/unreleased/31644-make-cookie-sessions-unique.yml b/changelogs/unreleased/31644-make-cookie-sessions-unique.yml
new file mode 100644
index 00000000000..e9a6a32cf70
--- /dev/null
+++ b/changelogs/unreleased/31644-make-cookie-sessions-unique.yml
@@ -0,0 +1,4 @@
+---
+title: Update session cookie key name to be unique to instance in development
+merge_request:
+author:
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 70be2617cab..8919f7640fe 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -10,6 +10,12 @@ rescue
Settings.gitlab['session_expire_delay'] ||= 10080
end
+cookie_key = if Rails.env.development?
+ "_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
+ else
+ "_gitlab_session"
+ end
+
if Rails.env.test?
Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
else
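Review bot: The development-only cookie name derived from `Rails.root` carries no comment saying why it is hashed, so a later reader may treat the digest as incidental and simplify it back to a fixed name; add above the `cookie_key =` line something like `# Several instances run from different checkouts on the same host would otherwise share one session cookie (presumably because browsers key cookies by host, not port); derive the name from the instance path so each gets its own.` The test branch still hardcodes `key: "_gitlab_session"` where `key: cookie_key` would keep both stores reading the same value (behaviour is identical today, since cookie_key only differs in development). `Digest::SHA256` is used without a visible `require 'digest'`; Rails normally has it loaded, but making the initializer self-contained costs one line. The surrounding `if Rails.env.test?` block continues into the next hunk.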
@@ -19,7 +25,7 @@ else
Gitlab::Application.config.session_store(
:redis_store, # Using the cookie_store would enable session replay attacks.
servers: redis_config,
- key: '_gitlab_session',
+ key: cookie_key,
secure: Gitlab.config.gitlab.https,
httponly: true,
expires_in: Settings.gitlab['session_expire_delay'] * 60,