Clear session cookie when browser is closed
What does this MR do and why?
The session cookie should not have an Expires value so that it is
expired once the browser is closed.
This restores the cookie behavior pre-17.10.
References
- https://gitlab.com/gitlab-org/gitlab/-/issues/534096
- https://gitlab.com/gitlab-org/gitlab/-/issues/530237
- This was already reviewed / approved in https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4917
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Heinrich Lee Yu