Hi,
I am using Nginx as a reverse proxy for my self-hosted GitLab
instance. When accessing GitLab through this proxy, I frequently
experience logouts with a "session expired" error, even during active
sessions.
The GitLab URL is configured as gitlab.mydomain.com. However, when
logging out of GitLab, all other company services using *.mydomain.com
are also disconnected, even for sites that do not share the same
certificate (GitLab uses a wildcard certificate) or those without a
certificate at all.
After some research, I discovered that GitLab appears to delete all
cookies for the domain during logout. There even seems to be a fix for
this issue:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/142740
Now, I’m wondering if the frequent logouts (session expiration) might
be related to this cookie issue, and if there are any suggestions for
addressing it via Nginx.
Thanks
--
*Esta mensagem pode conter informações confidenciais ou privilegiadas,
sendo seu sigilo protegido por lei. Se você não for o destinatário ou a
pessoa autorizada a receber esta mensagem, não pode usar, copiar ou
divulgar as informações nela contidas ou tomar qualquer ação baseada nessas
informações. Se você recebeu esta mensagem por engano, por favor avise
imediatamente ao remetente, respondendo o e-mail e em seguida apague-o.
Agradecemos sua cooperação.*
> Now, I’m wondering if the frequent logouts (session expiration) might be related to this cookie issue, and if there are any suggestions for addressing it via Nginx.
Nginx can't do much about it If the application behind deletes all the cookies.
So check what version of Gitlab you are running as the fix has been merged ~only 5 month ago https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156213
rr
"Nginx can't do much about it If the application behind deletes all the
cookies."
Yes, I am fully aware that this issue needs to be resolved at the
application level, and we should apply the merge request as soon as
possible. My final question about Nginx is more focused on the issue of
session expiration when accessing the application through Nginx. This
problem doesn't occur when accessing the application directly. Even when
using GitLab in isolation (without opening other sites on the same domain),
the session still expires after a very short time when accessed via Nginx.
I’ve tried several timeout configurations in Nginx, but none of them have
resolved the issue. Currently, the configuration looks like this, but it
still hasn’t worked:
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
client_header_timeout 600;
client_body_timeout 600;
I’m still conducting additional tests to determine if the cookie issue is
also contributing to the problem of sessions expiring so frequently.
On Sat, Jan 25, 2025 at 9:45 AM Reinis Rozitis via nginx <nginx at nginx.org>
wrote:
> > Now, I’m wondering if the frequent logouts (session expiration) might be
> related to this cookie issue, and if there are any suggestions for
> addressing it via Nginx.
>
> Nginx can't do much about it If the application behind deletes all the
> cookies.
> So check what version of Gitlab you are running as the fix has been merged
> ~only 5 month ago
> https://gitlab.com/gitlab-org/gitlab/-/merge_requests/156213
>
> rr
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
>
--
*Esta mensagem pode conter informações confidenciais ou privilegiadas,
sendo seu sigilo protegido por lei. Se você não for o destinatário ou a
pessoa autorizada a receber esta mensagem, não pode usar, copiar ou
divulgar as informações nela contidas ou tomar qualquer ação baseada nessas
informações. Se você recebeu esta mensagem por engano, por favor avise
imediatamente ao remetente, respondendo o e-mail e em seguida apague-o.
Agradecemos sua cooperação.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20250128/4fdbef65/attachment.htm>