diff options
Diffstat (limited to 'app/helpers/sessions_helper.rb')
-rw-r--r-- | app/helpers/sessions_helper.rb | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/app/helpers/sessions_helper.rb b/app/helpers/sessions_helper.rb index 117f662fec6..e9466a9e97e 100644 --- a/app/helpers/sessions_helper.rb +++ b/app/helpers/sessions_helper.rb @@ -22,11 +22,21 @@ module SessionsHelper # creates a new session after login, so the short TTL doesn't even need to # be extended. def limit_session_time + set_session_time(Settings.gitlab['unauthenticated_session_expire_delay']) + end + + def ensure_authenticated_session_time + set_session_time(nil) + end + + def set_session_time(expiry_s) # Rack sets this header, but not all tests may have it: https://github.com/rack/rack/blob/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77/lib/rack/session/abstract/id.rb#L251-L259 return unless request.env['rack.session.options'] - # This works because Rack uses these options every time a request is handled: - # https://github.com/rack/rack/blob/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77/lib/rack/session/abstract/id.rb#L342 - request.env['rack.session.options'][:expire_after] = Settings.gitlab['unauthenticated_session_expire_delay'] + # This works because Rack uses these options every time a request is handled, and redis-store + # uses the Rack setting first: + # 1. https://github.com/rack/rack/blob/fdcd03a3c5a1c51d1f96fc97f9dfa1a9deac0c77/lib/rack/session/abstract/id.rb#L342 + # 2. https://github.com/redis-store/redis-store/blob/3acfa95f4eb6260c714fdb00a3d84be8eedc13b2/lib/redis/store/ttl.rb#L32 + request.env['rack.session.options'][:expire_after] = expiry_s end end |