►
Description
In this Backend pairing session we work on adding a `gitlab.com` cookie that can be read from `about.gitlab.com`.
A
C
C
A
B
C
A
Okay,
so
I'm
from
the
marketing
team,
which
means
I
mostly
work
at
about.getlabs.com
and
not
getlabs.com,
and
we
wanted
to
personalize
marketing
for
git
Lab
customer
for
already
established
git
lab
customers,
and
we
wanted
to
do
that
basing
off
of
whether
or
not
someone
was
logged
into
the
gitlab
product.
So
my
idea
was
just
to
have
a
cookie
if
it
doesn't
pass
any
user
information.
I
just
wanted
to
have
a
cookie
on
the
gitlab
product
site.
That
just
tells
me
someone
is
logged
in
that
I
could
see
from
the
marketing
site.
A
So,
for
example,
like
my
get
free
trial
button
will
change
to
try.
I,
don't
know
ee
if
you're
not
already
and
originally
I
had
this
set
up
as
just
a
cookie
that
was
based
in
a
controller
and
then
after
working
with
Jesse
she's.
She
suggested
that
I
use.
Let
me
scroll,
let's
see
oh
yeah,
so
I've
been
stuck
for
a
little
while
she
suggested
that
I
use
the
active
session.ruby
file,
which
is
storing
I,
guess
session
cookies
based
off
of
the
user's
spaces.
C
A
B
A
C
B
B
A
And
I
was
trying
to
access,
and
this
will
also
be
like
stored
as
an
array
of
objects.
So
at
one
point,
I
was
trying
to
just
access
their
newest
entry
and
seeing
if
this
key
value
is
there
and
then
setting
my
cookie
based
off
of
that,
but
it
wasn't
working
if
I
checked.
The
remember
me
box,
which
is
where
I
got
lost
again
and
I
also
could
be
completely
misunderstanding.
Everything
that
Jesse
has
suggested,
which
is
also
why
I'm
here.
B
So
I
wanna,
I
wanna
understand
the
problems
more
and
I'm
very
I'm.
This
is
well
beyond
my.
You
know
normal
realm
of
expertise,
so
we're
we're
in
we're
in
company,
so
I'm,
just
brainstorming,
shooting
crazy
ideas
out
there
as
well,
but
I
do
want
to
understand
the
problem
more
so
from
the
about
gitlab
page.
We
would
like
to
know
if
they're
already
signed
in
and
is
this
like,
not
a
potential
use
cases.
B
B
A
Kind
of
so
what
you're
thinking
is
like
step,
three
of
like
us,
iterating
on
knowing
if
the
person
is
logged
in
Step,
One
is
just
seeing
if
they're
logged
in
and
then
instead
of
showing
them
like
hey
like
get
a
free
trial.
We
would
say:
hey
subscribe
instead,
because
if
you
are
when
you
logged
in
I'm,
assuming
you
have
a
free
trial.
B
B
And
so
what
you've
recently
added
is
here
on
the
left
of
this
set
active
user
thing?
Yes,
okay,
where
else
do
we
reference
cookies,
because
I'm
looking
on
the
far
right
and
I
see
active
session
is
all
about
like
okay?
This
is
because
correct
me,
if
I'm
wrong
and
obviously
there's
different
ways
of
doing
it,
but
I
feel
like
what
we
what
the
back
end
gives
to
the
client
as
far
as
the
cookie
goes.
Isn't
all
the
data?
B
B
Yeah
we're
we're
in
company
here
but
I
think
that's
my
working
hypothesis
for
how
this
might
work
so
because
what
I'm?
What
the
point
is,
is
that
I
think
the
about
page?
Will
it
need
to
know
that
information
behind
the
cookie
or
will
it
just
need
to
know
that
the
cookie
exists?
That's
the
question,
I'm
not
entirely
sure
about
I
have
a
feeling.
It's
it's
sufficient.
B
A
Sounds
doable
like
when
I
was
originally
doing
this,
the
only
value
I
was
storing
in
the
cookie
was
that
it
was
true
and
I
was
deleting
it
when
someone
signed
out
yeah.
What
threw
me
for
a
loop
is.
This
whole
remember
me
function
because
now
the
user
doesn't
have
to
sign
in
and
I
based
my
cookie
creation
off
of
them
signing
in,
and
that's
what
led
me
to
this
active
sessions
Ruby
file,
because
this
is
somehow
connected
to
that.
Remember
me
token,
when
it
creates
a
session
well.
A
B
So
I
thought
my
my
understanding
of
remember
me
is
like
that's
just
going
to
affect
the
life
of
the
cookie
and
the
life
of
all
this
stuff.
So
at
some
point
on
cookie
creation,
I
thought
that
remember
me
and
otherwise
would
follow
the
same
path,
but
this
this.
But
this
is
all
still
I'm.
Conjecture,
I'm,
not
and
I
really
don't
know.
B
When
both
cookies
are
gone
and
expired,
you
must
sign
in
oh
I,
see
how
interesting
I
see.
So
we
wouldn't
necessarily
want
I
see.
So
it
sounds
like
the
problem.
Is
we
don't
want?
Oh
don't
interrupt
me.
A
little
girl
I'll
be
there
in
just
a
little
bit.
No,
not
right!
Now
we
need
to
it's
not
about
the
cookie
being.
B
B
A
B
A
A
B
Yeah
that
totally,
that
totally
makes
sense,
but
I
think
we
create
a
brand
new
cookie
that
we
can
read.
We
can
check
for
the
presence
of,
but
keeping
that
cookie
in
sync,
with
the
actual
state
of
the
user,
seems
to
be
a
challenge,
because
we
can't
just
do
it
of
because
we
can't
set
the
life
of
that
cookie.
B
B
B
A
B
A
A
In
a
draft
State
because
I
was
trying
to
access
this-
oh
let
me
switch
over
here,
so
I
was
trying
to
access
this
set
method
from
active
session,
and
this
will
set
this
active
user
session.
So
I
was
trying
to
access
this
just
active
key
value
that
I
added
just
because
I
didn't
want
to
touch
anything
that
had
to
do
with
user
devices.
A
Yeah
and
I
came
I
came
across
the
issue,
which
was
very,
very
Niche
in
order
to
use
this
set
method.
I
have
to
pass
in,
like
the
user
and
the
request,
and
it
looks
like
by
the
time
the
session
controller
gets
to
my
method.
Current
user
isn't
created
yet,
and
so
I
get
this
undefined
for
this
set
method
because
user
doesn't
exist
yet
yeah.
B
A
Oh,
this
was
a
suggestion.
I
got
from
Jessie
was
to
try
to
modify
this
file
so
that
it
works
for
my
purposes,
because
this
is
somehow
connected
to
the
remember
me
token,
and
this
is
where
I
got
lost,
because
I
couldn't
really
see
how
the
two
were
connected
and
then
I
was
coming
into
this
issue,
with
user
not
being
defined
yeah.
B
A
B
B
C
C
B
B
C
B
A
B
A
B
B
C
B
C
C
I
think
it
would
also
for
the
future
stuff.
I
know.
You
said
when
you
put
the
domain
and
you
can't
test
it
locally.
I
I,
don't
know
how,
but
it
would
be
awesome
if
we
could
make.
However,
that
domain
is
being
set.
Work
for
like
the
dev
environment
and
for
production,
but
I
feel
like
that's
like
a
once.
It's
working
stuff
there's
got
to
be
a
way
to
do
that
too.
I
don't
know
I.
A
A
C
A
B
A
B
A
B
B
A
C
B
A
B
Whenever
we
wrote
the
real
gitlab
cookie,
we
wrote
the
about.gilab.com
readable
version
of
it
and
whenever
we
wrote
remember
user
token
cookie,
we
wrote
the
about
get
loud.com,
readable
version
of
remember
user
token,
and
that
way
about
goodlove.com
can
just
see.
Do
you
have
remember
user
token?
Or
do
you
have
this
thing?
If
you
have
any
of
those
we're
going
to
treat
you
as
signed
in
and
we're
good.
A
B
B
A
B
A
B
Okay,
if
we
go
back
sorry
I,
if
there's
a
way
for
us
to
tell
that
we
have
been
remembered,
sounds
like
that's
would
be
a
great
thing
to
have.
We
can
keep
the
set
acts
of
user
function
where
it's
at
we
just
need
to
figure
out.
Can
we
tell
if
we're
remembered,
do
we
have
do
we
have
access
to
the
active
user
when
we
set
that
cookie
yet
or
has
it
not
been
created
yet?
Is
that
what
we
landed
on.
A
B
A
A
B
B
A
A
C
B
Maybe
we
could
look
at
oh
I,
wonder
if,
after
we
create
I
bet,
we
can
I
bet,
we
can
look
at
what
response
cookies
are
about
to
send
so
I
bet.
We
could
actually
just
look
at
the
cookies
and
try
to
find
the
remember
cookie
from
there
from
the
controller
can
we
do
like
a
a
puts
or
inspect
of
all
the
cookies
from
the
set
active
user.
A
B
C
A
C
A
B
A
B
B
A
B
B
A
B
B
Oh
so
the
remember
user
token
is
there?
Yes,
yes,
yes,
that's
great,
that's
that's
what
we
gotta
do
yes
and
we
can
just
put
the
expires.
That's
copy
it
over!
Yes,
yes,
it's
like
I
would
that
sounds
great.
I
would
almost
like
even
call
the
the
cookies
since
there's
keep
the
Symmetry
with
where
they're
coming
from.
But
if
we
want
to
have
two
cookies
we
could
have
the
about.
B
A
A
B
B
A
B
I
think
what
I
think
of
all
these
so
quickly
if
I'm
wrong,
but
so
this
method
gets
called
when
we
do
create
and
when
and
when
we
do
destroy.
Yes,
that
switch
is
almost
like
making
the
branching
logic
of
the
method.
A
little
hard
to
follow.
So
I
would
almost
say,
like:
let's
create
two
methods:
one
for
create
active
user
cookie
and
then
destroy
active
user
cookie.
So
we
don't
have
to.
C
C
B
C
C
C
C
B
B
C
B
B
B
B
B
A
B
A
C
C
A
B
B
B
B
A
B
A
A
A
C
B
A
B
B
C
C
B
A
B
B
B
A
B
C
C
A
C
B
Told
me
not
to
worry
about
it,
okay,
so
that
gbt
also
told
me
not
to
worry
about
it.
If
I
I
was
having
a
conversation
with
it
every
once
in
a
while
I
have
it
write
letters
to
my
wife
and
I,
send
them
to
my
wife
and
I,
give
her
a
picture
of
Chachi
T
wrote
it,
so
she
doesn't
think
that
I
did
but
I
replied
to
it
and
I
said
hey.
B
She
knows
that
you
wrote
it
I
think
she
likes
you
better
than
me
now
and
chat
gbt
like
took
forever
to
respond,
and
then
finally,
then
it
responded
like
like
thanks
for
the
compliment
like
you,
don't
have
to
worry
about
it.
If
your
wife
likes
me
more
than
you
and
I
was
like.
Oh
my
gosh,
what
is
wrong
with
you.
B
C
I
am
not
sure,
I'm
still
100,
not
sure
what
that
asset
cookies
is
going
to
give
us
and
I,
don't
see
it
used.
The
reason
why
I
say
I'm
not
sure
is
because
I
like
walks
and
go
and
look
in
the
code
base
and
see
if
it's
stuff,
just
like
that,
is
used
anywhere
else,
and
they
don't
see
it
used
anywhere
else.
So
I
want
to
have
to
probably
defer
any
comment
to
someone
that
knows
more
about
cookies
than
me.
C
C
B
All
right
so
yeah
I'm
gonna
have
to
hop
off
but
I
think
even
if
we
can't
read
the
expires.
So
even
if
we
just
end
up
using
cookies
and
checking
for
the
presents
and
stuff
like
that
and
testing
out.
The
two
cases
of
remember
me
and
not
remember
me.
So
even
if
we
can't
read
the
expires,
the
other
option
of
what
you
were
about
to
do,
Miracle
of
let's
just
put
two
weeks
in
there
or
whatever
kind
of
the
same
amount
that
we're
using
when
we
set
the
bad
cookie.
A
B
We
can
just
reuse
that
amount
and
not
try
to
read
from
the
cookie
like
I
was
suggesting,
so
that
would
work
here.
We
wouldn't
need
said
cookies.
The
only
reason
we're
using
said
cookies,
so
we
can
actually
read
from
the
value
itself,
but
I
think
being
able
to
test
for
the
presence
of
remember
user
token.
B
Yeah
I
would
I
would
I
would
try
this
out.
It's
possible
set
cookies.
The
ad
set
cookies
I'm
suggesting
isn't
going
to
work,
so
we
might
not
be
able
to
read
the
expires
from
it
because
it
looks
like
the
only
thing
we
can
test
for
here
is
the
presence
of
a
cookie
and
then
get
actually
like
the
encrypted
value.
Let's
not
worry
about
the
encrypted
value
or
anything
like
that.
We
can
just
get
the
presence
of
it
and
then
somehow
put
the
some
expires.
That
makes
sense,
if
said
cookies,
doesn't
work,
so
cool
yeah.