Configurable Session Cookie Prefix (!3608) · Merge requests · GitLab.org / GitLab Development Kit

Omar Qunsul requested to merge 439945-gdk-configurable-session_cookie_token_prefix into main Mar 06, 2024

What does this merge request do and why?

GitLab Rails Application now allows to configure the session cookie to have a prefixed value. See this MR for context how this was implemented on the Rails Application.

This MR adds this as a new configuration to GitLab Development Kit.

Addressing: gitlab#439945 (closed)

Context

As part of the Cells project, adding prefixes to the session cookie value will allow us to do routing based on the session cookie prefix value. See here.

For more details regarding the Cells Routing, see this blueprint page.

How to set up and validate locally

1. Setting a new prefix

Change the configured prefix. Feel free to change the prefix to anything you want. gdk config set gitlab.rails.session_store.session_cookie_token_prefix some_new_prefix_
gdk reconfigure
Make sure the config has been set in the Rails application using this command cat gitlab/config/session_store.yml
Restart the rails app gdk restart rails-web
Clear your gitlab cookies in the local GDK localhost:3000. Right Click -> Inspect -> Application -> Cookies -> http://127.0.0.0/localhost / Select gitlab_session_***** -> Right Click -> Delete
Refresh. You should see the session cookie was set again with a new value set to the prefix.

2. Reset the prefix

Reset the prefix to the default value gdk config set gitlab.rails.session_store.session_cookie_token_prefix ""
gdk reconfigure
Make sure the config has been removed from the Rails application using this command cat gitlab/config/session_store.yml

Repeat steps 4 to 6

Impacted categories

The following categories relate to this merge request:

gdk-reliability - e.g. When a GDK action fails to complete.
gdk-usability - e.g. Improvements or suggestions around how the GDK functions.
gdk-performance - e.g. When a GDK action is slow or times out.

Merge request checklist

This change is backward compatible. If not, please include steps to communicate to our users.
Tests added for new functionality. If not, please raise an issue to follow-up.
Documentation added/updated, if needed.
Announcement added, if change is notable.
gdk doctor test added, if needed.
Add the ~highlight label if this MR should be included in the CHANGELOG.md.

Edited Mar 06, 2024 by Omar Qunsul

Configurable Session Cookie Prefix