Commit 4653ff48 authored by Catalin Irimie's avatar Catalin Irimie Committed by Douglas Barbosa Alexandre

Set different session cookie for Geo secondaries

To support the secondary proxying the primary while also serving
and doing authentication on the secondary itself, the sites need
to have different session cookies in order to not overwrite each other.

As the primary site and the secondary site don't share the same
session state, when the cookie used on one site, is used with
the exact same name on the other site, it overwrites the content,
effectively logging out each other.

Changelog: changed
EE: true
parent 79837d18
...@@ -13,6 +13,8 @@ end ...@@ -13,6 +13,8 @@ end
cookie_key = if Rails.env.development? cookie_key = if Rails.env.development?
"_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}" "_gitlab_session_#{Digest::SHA256.hexdigest(Rails.root.to_s)}"
elsif ::Gitlab.ee? && ::Gitlab::Geo.connected? && ::Gitlab::Geo.secondary?
"_gitlab_session_geo_#{Digest::SHA256.hexdigest(GeoNode.current_node_name)}"
else else
"_gitlab_session" "_gitlab_session"
end end
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Session initializer for GitLab EE' do
subject { Gitlab::Application.config }
let(:load_session_store) do
load Rails.root.join('config/initializers/session_store.rb')
end
describe 'config#session_store' do
shared_examples 'normal session cookie' do
it 'returns the regular cookie without a suffix' do
expect(subject).to receive(:session_store).with(:redis_store, a_hash_including(key: '_gitlab_session'))
load_session_store
end
end
context 'no database connection' do
before do
allow(Gitlab::Geo).to receive(:connected?).and_return(false)
end
it_behaves_like 'normal session cookie'
end
context 'Geo is disabled' do
before do
allow(Gitlab::Geo).to receive(:enabled?).and_return(false)
end
it_behaves_like 'normal session cookie'
end
context 'current node is a Geo primary' do
before do
allow(Gitlab::Geo).to receive(:secondary?).and_return(false)
end
it_behaves_like 'normal session cookie'
end
context 'current node is a Geo secondary' do
before do
allow(Gitlab::Geo).to receive(:secondary?).and_return(true)
end
it 'returns a geo specific cookie' do
expect(subject).to receive(:session_store).with(
:redis_store,
a_hash_including(key: /_gitlab_session_geo_[0-9a-f]{64}/)
)
load_session_store
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment