• Stan Hu's avatar
    Set shorter TTL for all unauthenticated requests · 8ccdaf33
    Stan Hu authored
    GitLab 11.2 limited the time-to-live (TTL) of unauthenticated sessions
    via !6586 using
    `before_action` in `ApplicationController`. However, this broke OAuth2
    logins, which set the `current_user` **after** a login is successful, so
    we moved it to an `after_action` in
    gitlab-foss!21144. However,
    `after_action` isn't called if a exception is raised in the request
    cycle. Thus, in some situations, TTLs weren't always being set to a
    short value.
    
    This commit adds the TTL limiting to the Devise Failure App, which is
    run anytime the user is redirected to the sign-in page.
    
    Relates to
    gitlab-com/gl-infra/infrastructure#8247
    8ccdaf33
devise_failure.rb 492 Bytes