summaryrefslogtreecommitdiff
path: root/config/initializers/session_store.rb
diff options
context:
space:
mode:
Diffstat (limited to 'config/initializers/session_store.rb')
-rw-r--r--config/initializers/session_store.rb16
1 files changed, 7 insertions, 9 deletions
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index 52a099c3e16..501cad4a838 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,11 +1,9 @@
# Be sure to restart your server when you modify this file.
-Gitlab::Application.config.session_store :cookie_store, key: '_gitlab_session',
- secure: Gitlab::Application.config.force_ssl,
- httponly: true,
- path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
-
-# Use the database for sessions instead of the cookie-based default,
-# which shouldn't be used to store highly confidential information
-# (create the session table with "rails generate session_migration")
-# Gitlab::Application.config.session_store :active_record_store
+Gitlab::Application.config.session_store(
+ :redis_store, # Using the cookie_store would enable session replay attacks.
+ key: '_gitlab_session',
+ secure: Gitlab::Application.config.force_ssl,
+ httponly: true,
+ path: (Rails.application.config.relative_url_root.nil?) ? '/' : Rails.application.config.relative_url_root
+)
View Lorry Controller Status