diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-01 16:52:41 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-01 16:52:41 +0000 |
| commit | a986819a7bce2002018dfafed3900dc3f2e8fb81 (patch) | |
| tree | 15c063738d999a0aff035c4842885276a9ab6ac4 /doc | |
| parent | 92d5172ad42ebc62eb78cac21b1e236ad6ace580 (diff) | |
| download | gitlab-ce-a986819a7bce2002018dfafed3900dc3f2e8fb81.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/user/profile/active_sessions.md | 5 | ||||
| -rw-r--r-- | doc/user/profile/index.md | 8 |
2 files changed, 12 insertions, 1 deletions
diff --git a/doc/user/profile/active_sessions.md b/doc/user/profile/active_sessions.md index 4dbb11b581d..a5b15a7880c 100644 --- a/doc/user/profile/active_sessions.md +++ b/doc/user/profile/active_sessions.md @@ -29,6 +29,11 @@ exceeds 100, the oldest ones are deleted. 1. Use the previous steps to navigate to **Active Sessions**. 1. Click on **Revoke** besides a session. The current session cannot be revoked, as this would sign you out of GitLab. +NOTE: **Note:** +When any session is revoked all **Remember me** tokens for all +devices will be revoked. See ['Why do I keep getting signed out?'](index.md#why-do-i-keep-getting-signed-out) +for more information about the **Remember me** feature. + <!-- ## Troubleshooting Include any troubleshooting steps that you can foresee. If you know beforehand what issues diff --git a/doc/user/profile/index.md b/doc/user/profile/index.md index b6ef6d7fdb7..894494da513 100644 --- a/doc/user/profile/index.md +++ b/doc/user/profile/index.md @@ -255,6 +255,12 @@ to get you a new `_gitlab_session` and keep you signed in through browser restar After your `remember_user_token` expires and your `_gitlab_session` is cleared/expired, you are asked to sign in again to verify your identity for security reasons. +NOTE: **Note:** +When any session is signed out, or when a session is revoked +via [Active Sessions](active_sessions.md), all **Remember me** tokens are revoked. +While other sessions will remain active, the **Remember me** feature will not restore +a session if the browser is closed or the existing session expires. + ### Increased sign-in time > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/20340) in GitLab 13.1. @@ -264,7 +270,7 @@ The `remember_user_token` lifetime of a cookie can now extend beyond the deadlin GitLab uses both session and persistent cookies: - Session cookie: Session cookies are normally removed at the end of the browser session when the browser is closed. The `_gitlab_session` cookie has no expiration date. -- Persistent cookie: The `remember_me_token` is a cookie with an expiration date of two weeks. GitLab activates this cookie if you click Remember Me when you sign in. +- Persistent cookie: The `remember_user_token` is a cookie with an expiration date of two weeks. GitLab activates this cookie if you click Remember Me when you sign in. By default, the server sets a time-to-live (TTL) of 1-week on any session that is used. |