summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2020-09-01 16:52:41 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-09-01 16:52:41 +0000
commita986819a7bce2002018dfafed3900dc3f2e8fb81 (patch)
tree15c063738d999a0aff035c4842885276a9ab6ac4 /doc
parent92d5172ad42ebc62eb78cac21b1e236ad6ace580 (diff)
downloadgitlab-ce-a986819a7bce2002018dfafed3900dc3f2e8fb81.tar.gz
Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee
Diffstat (limited to 'doc')
-rw-r--r--doc/user/profile/active_sessions.md5
-rw-r--r--doc/user/profile/index.md8
2 files changed, 12 insertions, 1 deletions
diff --git a/doc/user/profile/active_sessions.md b/doc/user/profile/active_sessions.md
index 4dbb11b581d..a5b15a7880c 100644
--- a/doc/user/profile/active_sessions.md
+++ b/doc/user/profile/active_sessions.md
@@ -29,6 +29,11 @@ exceeds 100, the oldest ones are deleted.
1. Use the previous steps to navigate to **Active Sessions**.
1. Click on **Revoke** besides a session. The current session cannot be revoked, as this would sign you out of GitLab.
+NOTE: **Note:**
+When any session is revoked all **Remember me** tokens for all
+devices will be revoked. See ['Why do I keep getting signed out?'](index.md#why-do-i-keep-getting-signed-out)
+for more information about the **Remember me** feature.
+
<!-- ## Troubleshooting
Include any troubleshooting steps that you can foresee. If you know beforehand what issues
diff --git a/doc/user/profile/index.md b/doc/user/profile/index.md
index b6ef6d7fdb7..894494da513 100644
--- a/doc/user/profile/index.md
+++ b/doc/user/profile/index.md
@@ -255,6 +255,12 @@ to get you a new `_gitlab_session` and keep you signed in through browser restar
After your `remember_user_token` expires and your `_gitlab_session` is cleared/expired,
you are asked to sign in again to verify your identity for security reasons.
+NOTE: **Note:**
+When any session is signed out, or when a session is revoked
+via [Active Sessions](active_sessions.md), all **Remember me** tokens are revoked.
+While other sessions will remain active, the **Remember me** feature will not restore
+a session if the browser is closed or the existing session expires.
+
### Increased sign-in time
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/20340) in GitLab 13.1.
@@ -264,7 +270,7 @@ The `remember_user_token` lifetime of a cookie can now extend beyond the deadlin
GitLab uses both session and persistent cookies:
- Session cookie: Session cookies are normally removed at the end of the browser session when the browser is closed. The `_gitlab_session` cookie has no expiration date.
-- Persistent cookie: The `remember_me_token` is a cookie with an expiration date of two weeks. GitLab activates this cookie if you click Remember Me when you sign in.
+- Persistent cookie: The `remember_user_token` is a cookie with an expiration date of two weeks. GitLab activates this cookie if you click Remember Me when you sign in.
By default, the server sets a time-to-live (TTL) of 1-week on any session that is used.