Set different session cookie for Geo secondaries

To support the secondary proxying the primary while also serving and doing authentication on the secondary itself, the sites need to have different session cookies in order to not overwrite each other. As the primary site and the secondary site don't share the same session state, when the cookie used on one site, is used with the exact same name on the other site, it overwrites the content, effectively logging out each other. Changelog: changed EE: true

Set different session cookie for Geo secondaries
To support the secondary proxying the primary while also serving and doing authentication on the secondary itself, the sites need to have different session cookies in order to not overwrite each other. As the primary site and the secondary site don't share the same session state, when the cookie used on one site, is used with the exact same name on the other site, it overwrites the content, effectively logging out each other. Changelog: changed EE: true
4653ff48 · Catalin Irimie · Douglas Barbosa Alexandre · 79837d18 · 4653ff48 · 4653ff48
Commit 4653ff48 authored Sep 07, 2021 by Catalin Irimie Committed by Douglas Barbosa Alexandre Sep 14, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 62 additions and 0 deletions

config/initializers/session_store.rb config/initializers/session_store.rb +2 -0

ee/spec/initializers/session_store_spec.rb ee/spec/initializers/session_store_spec.rb +60 -0

No files found.
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -13,6 +13,8 @@ end

 cookie_key = if Rails.env.development?
               "_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
+             elsif ::Gitlab.ee? && ::Gitlab::Geo.connected? && ::Gitlab::Geo.secondary?
+               "_gitlab_session_geo_#{Digest::SHA256.hexdigest(GeoNode.current_node_name)}"
             else
               "_gitlab_session"
             end

--- a/ee/spec/initializers/session_store_spec.rb
+++ b/ee/spec/initializers/session_store_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Session initializer for GitLab EE' do
+  subject { Gitlab::Application.config }
+
+  let(:load_session_store) do
+    load Rails.root.join('config/initializers/session_store.rb')
+  end
+
+  describe 'config#session_store' do
+    shared_examples 'normal session cookie' do
+      it 'returns the regular cookie without a suffix' do
+        expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(key: '_gitlab_session'))
+
+        load_session_store
+      end
+    end
+
+    context 'no database connection' do
+      before do
+        allow(Gitlab::Geo).to receive(:connected?).and_return(false)
+      end
+
+      it_behaves_like 'normal session cookie'
+    end
+
+    context 'Geo is disabled' do
+      before do
+        allow(Gitlab::Geo).to receive(:enabled?).and_return(false)
+      end
+
+      it_behaves_like 'normal session cookie'
+    end
+
+    context 'current node is a Geo primary' do
+      before do
+        allow(Gitlab::Geo).to receive(:secondary?).and_return(false)
+      end
+
+      it_behaves_like 'normal session cookie'
+    end
+
+    context 'current node is a Geo secondary' do
+      before do
+        allow(Gitlab::Geo).to receive(:secondary?).and_return(true)
+      end
+
+      it 'returns a geo specific cookie' do
+        expect(subject).to receive(:session_store).with(
+          :redis_store,
+          a_hash_including(key: /_gitlab_session_geo_[0-9a-f]{64}/)
+        )
+
+        load_session_store
+      end
+    end
+  end
+end