Lots of data in session; easy to hit 4KB

Bug #1214197 reported by justinsb
This bug affects 2 people
Affects: OpenStack Dashboard (Horizon)
Status: Fix Released
Importance: High
Assigned to: Yves-Gwenael Bourhis

Bug Description

The default session storage is signed cookies. These are normally great, but we seem to be putting a lot of data into the session. (I'm also using an alternative Keystone which produces bigger tokens, so I see the problem more often).

When the cookie size goes over 4KB (on Chrome), then the cookie is silently dropped by Chrome.

I suggest that if the cookie size is > 4KB that we at least log an error.

Ideally we would switch the bigger cookies to Memcache / DB backend cookies automatically, and have the session cookie just be a pointer.

David Lyle (david-lyle)
Changed in horizon:
status: New → Confirmed
importance: Undecided → High
Revision history for this message
justinsb (justin-fathomdb) wrote :

To be clear, I'm not sure that other people will hit this until signed tokens are widely used with Keystone (so this might only be medium priority). But it is definitely a pretty big gotcha if we switch to bigger tokens or if other stuff is stored in the session.

One thing I noticed is that we stuff the token into the session twice, once in token and once in token_list.

    # The full token object is stored once here...
    request.session['token'] = user.token
    if 'token_list' not in request.session:
        request.session['token_list'] = []
    # ...and its id is stored a second time, appended on every call
    token_tuple = (user.endpoint, user.token.id)
    request.session['token_list'].append(token_tuple)

My token.id is 700 bytes. (I'm working on making that smaller)

Revision history for this message
David Lyle (david-lyle) wrote :

We regularly push the cookie size limit. PKI tokens makes the problem worse. As a base implementation, it is reasonable to expect groups building on top of Horizon would need to augment the data stored in the session. When the base implementation pushes the cookie size limit, that is fairly limiting.

Revision history for this message
David Lyle (david-lyle) wrote :

There is no explicit error when the max cookie size is exceeded. The only indication is errant behavior that is or is not obvious.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/46711

Changed in horizon:
assignee: nobody → Yves-Gwenael Bourhis (yves-gwenael-bourhis)
status: Confirmed → In Progress
Revision history for this message
Yves-Gwenael Bourhis (yves-gwenael-bourhis) wrote :

I found a reason for the cookie to grow and can make it blow up the 4K on purpose.

See this commit:
https://github.com/openstack/django_openstack_auth/commit/b319ac78c81a2b0ad66fa998adf9347c4eec7ec0

Now if in the middleware's 'process_request' method you try to print out request.session['token_list'], you will notice that every time you switch project (tenant) in the project page, a new tuple consisting of (user.endpoint, user.token.id) is added to the request.session['token_list'] list. Even if you switch back to the previous project (tenant), this list keeps growing and growing. It is emptied only when logging out of the session.

So to reproduce the bug, on a devstack, log in as "admin", switch back and forth from "admin" to "demo" in the "project" tab, and this list will grow and grow and grow after each switch (with Firebug you see the cookie size increasing), until you reach or exceed the 4K.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/46711
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=56d5f53d4f405bb24b58ab26abe59ffab1ee6390
Submitter: Jenkins
Branch: master

commit 56d5f53d4f405bb24b58ab26abe59ffab1ee6390
Author: Yves-Gwenael Bourhis <email address hidden>
Date: Mon Sep 16 11:01:06 2013 +0200

    Logging error if cookie size is > 4KB

    When session storage is configured to use signed cookies, logging error when
    cookie size is > 4KB.

    Change-Id: Ia766f4505ce0527123a9fa9a62bf6d312858da46
    Closes-Bug: #1214197
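
The following is an added example, not code from Horizon or django_openstack_auth, that models both things discussed in this thread: the unconditional append quoted from the auth middleware (and a version that stores each (endpoint, token id) pair only once), and the kind of size check the merged fix adds when the session backend is signed cookies. It assumes a simplified stand-in for Django's signed-cookie serialization (JSON, base64 and an HMAC; no compression or timestamp), a constructed 700-byte token per project as described by the reporter, a constructed Keystone endpoint string, and that switching back to a project reuses the same token id. Only the size behaviour is meant to be representative.

```python
"""Model of a signed-cookie session growing past the 4 KB browser cookie limit."""
import base64
import hashlib
import hmac
import json
import logging

logger = logging.getLogger(__name__)

# The limit named in the bug report; browsers drop larger cookies silently.
MAX_COOKIE_SIZE = 4096
SECRET_KEY = b"constructed-example-key-not-for-production"  # constructed


def encode_session(session, key=SECRET_KEY):
    """Serialize and HMAC-sign a session dict.

    Assumption: a simplified stand-in for django.core.signing.dumps (no
    compression, no timestamp); only the resulting size matters here.
    """
    payload = base64.urlsafe_b64encode(
        json.dumps(session, sort_keys=True).encode()).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{sig}"


def cookie_exceeds_limit(cookie_value, limit=MAX_COOKIE_SIZE):
    """Log an error and return True when the cookie body is over the limit.

    Without such a check the cookie is set and the browser drops it, and the
    only symptom is the errant behaviour described in the thread.
    """
    size = len(cookie_value.encode())
    if size > limit:
        logger.error("session cookie is %d bytes, above the %d byte limit",
                     size, limit)
        return True
    return False


def record_token_original(session, endpoint, token_id):
    """The behaviour quoted in the thread: append a new pair on every call."""
    session["token"] = {"id": token_id}
    session.setdefault("token_list", []).append([endpoint, token_id])


def record_token_dedup(session, endpoint, token_id):
    """Same data, but each (endpoint, token id) pair is stored at most once."""
    session["token"] = {"id": token_id}
    token_list = session.setdefault("token_list", [])
    entry = [endpoint, token_id]
    if entry not in token_list:
        token_list.append(entry)


def simulate_switches(record, switches, token_size=700):
    """Switch between two projects `switches` times; return the signed cookie."""
    # Constructed tokens: a 700-byte PKI-style token per project, as reported.
    tokens = {"admin": "A" * token_size, "demo": "D" * token_size}
    endpoint = "http://keystone.example:5000/v2.0"  # constructed
    session = {}
    for i in range(switches):
        project = "admin" if i % 2 == 0 else "demo"
        record(session, endpoint, tokens[project])
    return encode_session(session)


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for name, record in (("original", record_token_original),
                         ("dedup", record_token_dedup)):
        cookie = simulate_switches(record, switches=10)
        over = cookie_exceeds_limit(cookie)
        print(f"{name}: {len(cookie)} bytes, over limit: {over}")
```

Running it shows the original append pushing the cookie well past 4096 bytes after ten project switches, while the deduplicated list stays under the limit with the same two tokens; the size check is what turns the silent browser drop into a logged error.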

Changed in horizon:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in horizon:
milestone: none → icehouse-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in horizon:
milestone: icehouse-2 → 2014.1