Remove ability to revoke active session

Session ID is used as a parameter for the revoke session endpoint but it should never be included in the HTML as an attacker could obtain it via XSS.
author: Imre Farkas <ifarkas@gitlab.com> 2019-02-25 14:52:40 +0100
committer: Imre Farkas <ifarkas@gitlab.com> 2019-02-27 14:44:12 +0100
commit: 8343a1ac1be60308c29e899b2f1d6beab1f981a0 (patch)
tree: 08464a8abf968a66ed62c4badc642b5e37cc7c94 /changelogs
parent: 6e86d5e6189cee9711dc13b8650bf0579e31df21 (diff)
download: gitlab-ce-8343a1ac1be60308c29e899b2f1d6beab1f981a0.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/changelogs/unreleased/57534_filter_impersonated_sessions.yml b/changelogs/unreleased/57534_filter_impersonated_sessions.yml
new file mode 100644
index 00000000000..80aea0ab1bc
--- /dev/null
+++ b/changelogs/unreleased/57534_filter_impersonated_sessions.yml
@@ -0,0 +1,6 @@
+---
+title: Do not display impersonated sessions under active sessions and remove ability
+  to revoke session
+merge_request:
+author:
+type: security
author	Imre Farkas <ifarkas@gitlab.com>	2019-02-25 14:52:40 +0100
committer	Imre Farkas <ifarkas@gitlab.com>	2019-02-27 14:44:12 +0100
commit	8343a1ac1be60308c29e899b2f1d6beab1f981a0 (patch)
tree	08464a8abf968a66ed62c4badc642b5e37cc7c94 /changelogs
parent	6e86d5e6189cee9711dc13b8650bf0579e31df21 (diff)
download	gitlab-ce-8343a1ac1be60308c29e899b2f1d6beab1f981a0.tar.gz