Set experimentation cookie for GitLab domain only (!30303) · Merge requests · GitLab.org / GitLab

André Hänsel requested to merge AndreKR/gitlab:experimentation-cookie-domain into master Apr 23, 2020

Currently the cookie experimentation_subject_id is set for the top domain, even when GitLab was installed on a subdomain. So for example if GitLab is on gitlab.example.com, the cookie will be set for *.example.com. This interferes with other software on other subdomains of the same domain.

This commit changes that so that the cookie is now only installed for the GitLab domain.

This brings it in line with all the other cookies that GitLab sets, like _gitlab_session, perf_bar_enabled, frequently_uses_emojis, etc. which are all set for the specific GitLab domain only (by sending no domain info).

Existing cookies remain untouched, only if a user deleted their cookies, the new one will be set for the GitLab domain only.

I had a quick look at !17703 (merged) to see if there was a specific reason for the cookie to be available for the whole domain and I think it's just an oversight.

Closes #36741 (closed)

Set experimentation cookie for GitLab domain only

Merge request reports