Geo secondary proxying with a unified URL: Handle sessions properly
From #325732 (comment 669167526):
In development
- The session initializer appends a different suffix (based on root path) in dev, so there are two different session cookies for the same domain
- With two different cookies, if the user is authenticated on the primary, the secondary will proxy this cookie as well and the requests will work as intended/normal
- This also works with different ports
- There's a sign out issue when attempting to sign out from the secondary
Omnibus
- By default (the same session initializer) uses
_gitlab_session
as the cookie name- With two different Geo sites on the same domain, the cookie will get overwritten by each other (resulting in a sign-in on the primary being logged out once the secondary is accessed)
Possible solutions:
If we have a separate cookie name for the Geo site, this would be the same case as
In development
above, allowing sessions for both sites to live in the user's browser so proxying would work.
So two known problems:
- Make session cookies unique per Geo site
- Make sign out work properly given 1)
Edited by Michael Kozono