Is the self host gitlab login screen GDPR compliant?

Hello folks,
I have installed a self hosted gitlab instance on my server. Now when I navigate to the domain in private mode and am not logged in, I see the login screen of gitlab. It sets two cookies experimentation_subject_id and _gitlab_session .

Now I don’t know what exactly these cookies do and if they are already processing private data or if they already violate the GDPR. I would be very pleased if someone could enlighten me.

  • Gee, the _gitlab_session is well, for keeping the session alive. I personally do not see the use of that, but it doesn’t track you or anything. It’s a session.
  • No clue what the experimentation_subject_id stores though. I don’t get it set on my selfhosted CE (, so I don’t know.
1 Like