Lower session expiry when user is unauthenticated
What does this MR do and why?
When a user is redirected to sign in, the `limit_session_time` helper is not called in certain cases.
This MR fixes them so that the lower expiry is set properly.
Related to #363453 (closed) https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7126
How to set up and validate locally
- Run `gdk redis-cli monitor | grep "session:gitlab"` to monitor Redis commands
- Run `curl http://127.0.0.1:3000/dashboard/todos` / `curl http://127.0.0.1:3000/oauth/authorize\?client_id\=123` to make a request that gets redirected to sign-in
- Notice that the expiry is now set to `7200` instead of `604800`
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Heinrich Lee Yu
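
A stricter form of the grep check in the validation steps above, as an added example that is not part of the MR: it parses `redis-cli monitor` lines and flags any `session:gitlab` write whose TTL exceeds 7200. The MONITOR line layout, the SETEX / SET ... EX / EXPIRE write forms, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the MR. Assumes MONITOR lines shaped like
#   <ts> [<db> <addr>] "cmd" "arg" ...
# and session writes done via SETEX, SET ... EX, or EXPIRE.

UNAUTH_TTL=7200   # expiry the MR expects for unauthenticated sessions

# Constructed sample input (keys, timestamps and payloads are made up).
sample_monitor_lines() {
  cat <<'EOF'
1654000000.000001 [0 127.0.0.1:50000] "setex" "session:gitlab:constructed-a" "7200" "\x04\b{\x06I\"\x0f_csrf\""
1654000000.000002 [0 127.0.0.1:50000] "setex" "session:gitlab:constructed-b" "604800" "\x04\b{\x00"
1654000000.000003 [0 127.0.0.1:50000] "get" "session:gitlab:constructed-a"
1654000000.000004 [0 127.0.0.1:50000] "set" "session:gitlab:constructed-c" "\x04\b{\x00" "EX" "7200"
1654000000.000005 [0 127.0.0.1:50000] "setex" "cache:gitlab:other" "604800" "x"
EOF
}

# Reads MONITOR output on stdin; prints "<OK|LONG> <ttl> <key>" per session write.
check_session_ttl() {
  awk -v limit="$UNAUTH_TTL" '
    {
      # Collect the double-quoted fields (command, then arguments),
      # treating backslash-escaped characters such as \" as part of a field.
      n = 0; line = $0
      while (match(line, /"([^"\\]|\\.)*"/)) {
        f[++n] = substr(line, RSTART + 1, RLENGTH - 2)
        line = substr(line, RSTART + RLENGTH)
      }
      if (n < 3 || f[2] !~ /^session:gitlab/) next   # reads and other keys
      cmd = tolower(f[1]); ttl = ""
      if (cmd == "setex" || cmd == "expire") ttl = f[3]
      else if (cmd == "set")
        for (i = 4; i < n; i++) if (tolower(f[i]) == "ex") ttl = f[i + 1]
      if (ttl == "") next
      print ((ttl + 0 <= limit + 0) ? "OK" : "LONG"), ttl, f[2]
    }'
}

# Demo on the constructed sample.
sample_monitor_lines | check_session_ttl
```

Against a local GDK, pipe `gdk redis-cli monitor` into `check_session_ttl` while issuing the curl requests; a `LONG` line for an unauthenticated request means the lower expiry was not applied.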