Commit 2c2f1e3

Restrict session cookie to the relative path if set.
1 parent 188e6a7 commit 2c2f1e3

File tree

1 file changed: +2 / -1 lines changed

config/initializers/session_store.rb

Lines changed: 2 additions & 1 deletion
@@ -2,7 +2,8 @@
22

33
Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session',
44
secure: Gitlab::Application.config.force_ssl,
5-
httponly: true
5+
httponly: true,
6+
path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
67

78
# Use the database for sessions instead of the cookie-based default,
89
# which shouldn't be used to store highly confidential information
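Review bot: the new `path:` line only guards against `relative_url_root` being `nil`; if it is set to an empty string (a plausible value when the app is mounted at the root), the cookie is issued with `path: ''`, which is not the same as `'/'`. A `.presence || '/'` check would cover both `nil` and `''`, e.g. `path: Rails.application.config.relative_url_root.presence || '/'`, and also drops the redundant parentheses around the `nil?` call. Two smaller points on the same line: the surrounding options read the setting from `Gitlab::Application.config` while this one uses `Rails.application.config`, so pick one for consistency; and if the relative root can be configured with a trailing slash, normalising it before use would avoid scoping the cookie to a path the browser never matches. Worth stating in the commit message that this is cookie scoping for installs under a sub-path, not an isolation boundary between applications sharing the host, so reviewers do not read it as a security fix.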

0 commit comments