Add ability to prefix session cookies
We are planning to use prefixes in session cookies so that we can route to the correct Cell:
Assume the Cell is configured to generate all secrets and session cookies with a prefix like eu0_ for Cell EU0.
Proposal
-
Add configuration option in GitLab to add optional prefix for session cookie -
Ensure all secret detection code (e.g. regexes) are updated to match un-Cell-prefixed and Cell-prefixed tokensFor the PoC: https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/assets/javascripts/lib/utils/secret_detection.jsBefore productionizing, there is a list of places here: https://docs.gitlab.com/ee/development/secure_coding_guidelines.html#token-prefixes
-
Make sure that the new setting is added to GDK -> MR is in review: gitlab-development-kit!3608 (merged) -
Update https://gitlab.com/gitlab-org/tenant-scale-group/pocs/routing/rules-router#step-2-gdk-1 to include configuring session_cookie_token_prefix
for the additional cell -
Make sure that the new setting is added to OmniBus ( in review by @OmarQunsulGitlab ). Documentation still to be done. See here: omnibus-gitlab!7605 (comment 1911951952) -
Make sure that the new setting is added to the Helm Charts ( in review by @OmarQunsulGitlab )
Edited by Omar Qunsul