Disable the Sidekiq Admin Rack session (!21441) · Merge requests · GitLab.org / GitLab FOSS

Stan Hu requested to merge sh-disable-sidekiq-session into master Aug 30, 2018

GitLab already has its own session store, so this extra Sidekiq session is unnecessary. In addition, the GitLab session store properly sets the Secure flag, unlike the default Rack session.

CSRF protection in the Sidekiq /admin page continues to work with the existing GitLab session.

See https://github.com/mperham/sidekiq/pull/3183 for more details.

Part of #49120

Disable the Sidekiq Admin Rack session

Merge request reports