summaryrefslogtreecommitdiff
path: root/config/initializers
diff options
context:
space:
mode:
Diffstat (limited to 'config/initializers')
-rw-r--r--config/initializers/session_store.rb26
-rw-r--r--config/initializers/warden.rb12
2 files changed, 23 insertions, 15 deletions
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index f2fde1e0048..da24881885e 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -15,19 +15,15 @@ cookie_key = if Rails.env.development?
"_gitlab_session"
end
-if Rails.env.test?
- Gitlab::Application.config.session_store :cookie_store, key: "_gitlab_session"
-else
- sessions_config = Gitlab::Redis::SharedState.params
- sessions_config[:namespace] = Gitlab::Redis::SharedState::SESSION_NAMESPACE
+sessions_config = Gitlab::Redis::SharedState.params
+sessions_config[:namespace] = Gitlab::Redis::SharedState::SESSION_NAMESPACE
- Gitlab::Application.config.session_store(
- :redis_store, # Using the cookie_store would enable session replay attacks.
- servers: sessions_config,
- key: cookie_key,
- secure: Gitlab.config.gitlab.https,
- httponly: true,
- expires_in: Settings.gitlab['session_expire_delay'] * 60,
- path: Rails.application.config.relative_url_root.nil? ? '/' : Gitlab::Application.config.relative_url_root
- )
-end
+Gitlab::Application.config.session_store(
+ :redis_store, # Using the cookie_store would enable session replay attacks.
+ servers: sessions_config,
+ key: cookie_key,
+ secure: Gitlab.config.gitlab.https,
+ httponly: true,
+ expires_in: Settings.gitlab['session_expire_delay'] * 60,
+ path: Rails.application.config.relative_url_root.nil? ? '/' : Gitlab::Application.config.relative_url_root
+)
diff --git a/config/initializers/warden.rb b/config/initializers/warden.rb
index ee034d21eae..bf079f8e1a7 100644
--- a/config/initializers/warden.rb
+++ b/config/initializers/warden.rb
@@ -6,4 +6,16 @@ Rails.application.configure do |config|
Warden::Manager.before_failure do |env, opts|
Gitlab::Auth::BlockedUserTracker.log_if_user_blocked(env)
end
+
+ Warden::Manager.after_authentication do |user, auth, opts|
+ ActiveSession.cleanup(user)
+ end
+
+ Warden::Manager.after_set_user only: :fetch do |user, auth, opts|
+ ActiveSession.set(user, auth.request)
+ end
+
+ Warden::Manager.before_logout do |user, auth, opts|
+ ActiveSession.destroy(user || auth.user, auth.request.session.id)
+ end
end
View Lorry Controller Status