admin mode started creating lots of unauthenticated sessions in Redis in 16.1
Summary
A customer reported a very large increase in Redis keys in their persistent Redis instance after upgrading from %16.0 to %16.1.
Steps to reproduce
Copied directly from an internal comment by @engwan
- Enable the Admin Mode feature: https://docs.gitlab.com/ee/administration/settings/sign_in_restrictions.html#enable-admin-mode-for-your-instance
- Create a personal access token for an admin user
- Make this curl request:
  curl http://localhost:3000/api/v4/version --header "PRIVATE-TOKEN: <YOUR-TOKEN>"
This will result in:
"setex" "session:gitlab:2::f08271e97a86989c0a6e399aa7fed48b72a48a646a1b6d2f1d2b832a197a5735" "604800" "\x04\b{\x06I\"\x16current_user_mode\x06:\x06EF{\x00"
This is due to !116255 (merged) which landed in 16.1.
The admin_mode? check writes this empty hash due to https://gitlab.com/gitlab-org/gitlab/-/blob/c4d766668c542ab46af2fc3d5e5034fef2d17016/lib/gitlab/namespaced_session_store.rb#L19 even though we're just trying to read a value.
What is the current bug behavior?
A GitLab instance with Admin Mode enabled accumulates far more unauthenticated session records in Redis than before. The problem is made worse by those records being stored with a 7-day expiry instead of the 2-hour expiry intended for unauthenticated sessions.
What is the expected correct behavior?
These sessions should not be created at all; if they are, they should be stored with the correct 2-hour retention.
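The following is an added illustration, not GitLab's own code, of the read-path defect described above: a namespaced session store that lazily creates its namespace on read, which turns a plain `admin_mode?` lookup into a session write and so makes an otherwise empty session persistable under the longer TTL. The class names, the `FakeSession` stand-in for a Rack session, and the TTL selection rule in `ttl_for` are simplifying assumptions made for this example.

```ruby
# Added example (not GitLab code). Models a namespaced session store whose
# lookup path assigns into the session, versus one whose reads are side-effect free.

SEVEN_DAYS = 604_800        # TTL seen in the SETEX captured on the page
TWO_HOURS  = 2 * 60 * 60    # retention the report expects for unauthenticated sessions

# Hypothetical stand-in for a Rack session that counts every assignment made to it.
class FakeSession
  attr_reader :data, :writes

  def initialize
    @data = {}
    @writes = 0
  end

  def [](key)
    @data[key]
  end

  def []=(key, value)
    @writes += 1
    @data[key] = value
  end

  def empty?
    @data.empty?
  end
end

# "Before": the namespace hash is created on any access, so a read such as
# store[:admin_mode] assigns {} into the session even though nothing was set.
class NamespacedStoreInitOnRead
  def initialize(session, namespace)
    @session = session
    @namespace = namespace
  end

  def [](key)
    @session[@namespace] ||= {}          # ||= performs a write when the key is missing
    @session[@namespace][key]
  end

  def []=(key, value)
    @session[@namespace] ||= {}
    @session[@namespace][key] = value
  end
end

# "After": reads never touch the session; only an explicit write creates the namespace.
class NamespacedStoreReadOnlyLookup
  def initialize(session, namespace)
    @session = session
    @namespace = namespace
  end

  def [](key)
    ns = @session[@namespace]
    ns && ns[key]
  end

  def []=(key, value)
    @session[@namespace] ||= {}
    @session[@namespace][key] = value
  end
end

# Assumed, simplified TTL rule for this example: a session carrying no data
# is treated as unauthenticated and gets the short retention; anything else
# gets the default. Under this rule the spurious {} alone is enough to move
# the session to the 7-day TTL, matching the SETEX observed on the page.
def ttl_for(session)
  session.empty? ? TWO_HOURS : SEVEN_DAYS
end

# Models a token-authenticated API request that only *checks* admin mode
# and reports what the session store would be asked to persist afterwards.
def simulate_api_request(store_class)
  session = FakeSession.new
  store = store_class.new(session, :current_user_mode)
  admin_mode = store[:admin_mode] == true   # read-only check; nothing is assigned by the caller
  { admin_mode: admin_mode, writes: session.writes, data: session.data, ttl: ttl_for(session) }
end

if __FILE__ == $PROGRAM_NAME
  [NamespacedStoreInitOnRead, NamespacedStoreReadOnlyLookup].each do |klass|
    puts "#{klass}: #{simulate_api_request(klass)}"
  end
end
```

Running the script shows the first store producing one session write with the payload `{current_user_mode: {}}` (the same empty hash visible in the captured SETEX) and the long TTL, while the second store leaves the session untouched. The check to apply when auditing a session-backed store is the same in any framework: a read of a missing key must return nil without calling the session's setter.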