18F · zachmargolis · Nov 3, 2022 · Nov 3, 2022 · Nov 3, 2022 · Nov 4, 2022
diff --git a/Gemfile b/Gemfile
@@ -51,7 +51,7 @@ gem 'rack-timeout', require: false
 gem 'redacted_struct'
 gem 'redis', '>= 3.2.0'
 gem 'redis-namespace'
-gem 'redis-session-store', '>= 0.11.4'
+gem 'redis-session-store', github: '18f/redis-session-store', ref: 'margolis-use-connection-pool'
 gem 'retries'
 gem 'rotp', '~> 6.1'
 gem 'rqrcode'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -36,6 +36,15 @@ GIT
       pkcs11
       uuid
 
+GIT
+  remote: https://github.com/18f/redis-session-store.git
+  revision: 1e97057f3d860c4dce758c61e7de66b8450b5f94
+  ref: margolis-use-connection-pool
+  specs:
+    redis-session-store (0.12.pre.18f)
+      actionpack (>= 6, < 8)
+      redis (>= 3, < 5)
+
 GIT
   remote: https://github.com/hashrocket/capybara-webmock.git
   revision: 63d790a0b6c779b9700634bfc153e25ccdeb3688
@@ -533,9 +542,6 @@ GEM
     redis (4.7.1)
     redis-namespace (1.8.1)
       redis (>= 3.0.4)
-    redis-session-store (0.11.4)
-      actionpack (>= 3, < 8)
-      redis (>= 3, < 5)
     regexp_parser (2.6.0)
     reline (0.2.7)
       io-console (~> 0.5)
@@ -802,7 +808,7 @@ DEPENDENCIES
   redacted_struct
   redis (>= 3.2.0)
   redis-namespace
-  redis-session-store (>= 0.11.4)
+  redis-session-store!
   retries
   rotp (~> 6.1)
   rqrcode

diff --git a/app/services/out_of_band_session_accessor.rb b/app/services/out_of_band_session_accessor.rb
@@ -12,7 +12,7 @@ def initialize(session_uuid)
 
   def ttl
     uuid = session_uuid
-    session_store.instance_eval { redis.ttl(prefixed(uuid)) }
+    session_store.instance_eval { with_redis { |redis| redis.ttl(prefixed(uuid)) } }
   end
 
   def load

diff --git a/app/services/x509/session_store.rb b/app/services/x509/session_store.rb
@@ -2,7 +2,6 @@
 # in an out-of-band fashion (using only the session UUID) instead of having access
 # to the user_session from Devise/Warden
 # Should only be used outside of a normal browser session (such as the OpenID Connect API)
-# See X509::Cacher for accessing PII inside of a normal browser session
 module X509
   class SessionStore
     attr_reader :session_uuid
@@ -13,7 +12,7 @@ def initialize(session_uuid)
 
     def ttl
       uuid = session_uuid
-      session_store.instance_eval { redis.ttl(prefixed(uuid)) }
+      session_store.instance_eval { with_redis { |redis| redis.ttl(prefixed(uuid)) } }
     end
 
     def load

diff --git a/config/initializers/redis.rb b/config/initializers/redis.rb
@@ -12,9 +12,7 @@
   )
 end
 
-REDIS_SESSION_POOL_WRAPPER = ConnectionPool::Wrapper.new(
-  size: IdentityConfig.store.redis_session_pool_size,
-) do
+REDIS_SESSION_POOL = ConnectionPool.new(size: IdentityConfig.store.redis_session_pool_size) do
   # redis-session-store does its own namespacing in session_store.rb
   Redis.new(url: IdentityConfig.store.redis_url)
 end
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
@@ -13,7 +13,7 @@
     ttl: IdentityConfig.store.session_timeout_in_minutes.minutes,
 
     key_prefix: "#{IdentityConfig.store.domain_name}:session:",
-    client: REDIS_SESSION_POOL_WRAPPER,
+    client_pool: REDIS_SESSION_POOL,
   },
   on_session_load_error: SessionEncryptorErrorHandler,
   serializer: SessionEncryptor.new,