When using strict validation, every request is checked to have:
A valid session.
A valid access token, connected to that session.
(2) is checked by hitting the UserInfo endpoint of GitLab. In the past,
we had an issue where an unrelated error could cause the user's session
to be revoked: https://github.com/arrikto/dev/issues/640
The issue was resolved, but in a mangled branch handling, it was
reverted in a recent commit: ad8a754646e2bea2a04e0407b6c7e24813ba9626
Reinstate the fix, so that random failures don't result in the user's
session being terminated.
When using strict validation, every request is checked to have:
(2) is checked by hitting the UserInfo endpoint of GitLab. In the past, we had an issue where an unrelated error could cause the user's session to be revoked: https://github.com/arrikto/dev/issues/640
The issue was resolved, but in a mangled branch handling, it was reverted in a recent commit: ad8a754646e2bea2a04e0407b6c7e24813ba9626
Reinstate the fix, so that random failures don't result in the user's session being terminated.
Signed-off-by: Yannis Zarkadas yanniszark@arrikto.com