Lots of data in session; easy to hit 4KB
Bug #1214197 reported by justinsb
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Dashboard (Horizon) | Fix Released | High | Yves-Gwenael Bourhis |
Bug Description
The default session storage is signed cookies. These are normally great, but we seem to be putting a lot of data into the session. (I'm also using an alternative Keystone which produces bigger tokens, so I see the problem more often).
When the cookie size goes over 4KB (on Chrome), then the cookie is silently dropped by Chrome.
I suggest that if the cookie size is > 4KB that we at least log an error.
Ideally we would switch the bigger cookies to Memcache / DB backend cookies automatically, and have the session cookie just be a pointer.
Changed in horizon:
status: New → Confirmed
importance: Undecided → High
Changed in horizon:
milestone: none → icehouse-2
status: Fix Committed → Fix Released
Changed in horizon:
milestone: icehouse-2 → 2014.1
To be clear, I'm not sure that other people will hit this until signed tokens are widely used with Keystone (so this might only be medium priority). But it is definitely a pretty big gotcha if we switch to bigger tokens or if other stuff is stored in the session.
One thing I noticed is that we stuff the token into the session twice, once in token and once in token_list.
    request.session['token'] = user.token

    if 'token_list' not in request.session:
        request.session['token_list'] = []
    token_tuple = (user.endpoint, user.token.id)
    request.session['token_list'].append(token_tuple)
My token.id is 700 bytes. (I'm working on making that smaller)
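The logging check suggested in the bug description, sketched as an added example (not Horizon's or Django's code). It approximates a signed-cookie value with the standard library (JSON, zlib, base64, HMAC tag), so the sizes are estimates; `pseudo_token`, `build_session`, the signing key, the cookie name and the endpoint URL are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import logging
import zlib

LOG = logging.getLogger("session_cookie_size")
COOKIE_LIMIT = 4096  # the 4KB per-cookie limit from the bug report

def pseudo_token(n):
    """Constructed stand-in for a Keystone token id: n deterministic base64 chars."""
    out, block = b"", b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += base64.urlsafe_b64encode(block).rstrip(b"=")
    return out[:n].decode()

def encode_signed_cookie(session, key=b"constructed-secret"):
    """Approximate a signed-cookie value: JSON, zlib if smaller, base64, HMAC tag."""
    raw = json.dumps(session, separators=(",", ":")).encode()
    packed = zlib.compress(raw)
    body, prefix = (packed, b".") if len(packed) < len(raw) else (raw, b"")
    payload = prefix + base64.urlsafe_b64encode(body).rstrip(b"=")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + b":" + base64.urlsafe_b64encode(tag).rstrip(b"=")

def check_session_cookie(session, name="sessionid", limit=COOKIE_LIMIT):
    """Return (size, ok) for name=value; log the largest keys when over the limit."""
    size = len(name) + 1 + len(encode_signed_cookie(session))
    if size > limit:
        by_key = sorted(((len(json.dumps(v)), k) for k, v in session.items()), reverse=True)
        LOG.error("session cookie %r is %d bytes, over the %d-byte limit; "
                  "largest keys (raw JSON bytes): %s", name, size, limit, by_key[:3])
    return size, size <= limit

def build_session(token_chars):
    """Constructed session holding the token under both keys named in the report."""
    token_id = pseudo_token(token_chars)
    return {"token": {"id": token_id},
            "token_list": [["http://keystone.example:5000/v2.0", token_id]]}

if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for n in (700, 6000):  # 700 bytes is the token.id size quoted in the comment
        print(n, check_session_cookie(build_session(n)))
```

Run against the real serialized cookie value in a response middleware, the same comparison turns a silently dropped cookie into an error in the server log.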