OpenStack Dashboard (Horizon)

default SESSION_ENGINE is still signed_cookies

Bug #1736021 reported by Akihiro Motoki
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Fix Released
Medium
Akihiro Motoki

Bug Description

We still use SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies' as default.
There is a limitation on the length of cookies and using keystone v3 can hit this limitation.

We configure the local memory for session storage django.core.cache.backends.locmem.LocMemCache, but according to the django documentation [1], this is only effective when django.contrib.sessions.backends.cache is used as SESSION_ENGINE.

I think it is better to switch the default SESSION_ENGINE to django.contrib.sessions.backends.cache.

[1] https://docs.djangoproject.com/en/1.11/topics/http/sessions/#configuring-the-session-engine

Revision history for this message
Akihiro Motoki (amotoki) wrote :

FYI:

when I use 'tox -e runserver' and specify SESSION_ENGINE = 'django.contrib.sessions.backends.cache', I am forced to login frequently when moving to another page. It almost happens every time I move a page. Does django.contrib.sessions.backends.cache work with runserver?
For runserver env, it seems we need to use django.contrib.sessions.backends.signed_cookies...

In apache2 env, SESSION_ENGINE = 'django.contrib.sessions.backends.cache' with memcached works perfectly. This is what our documentation recommends.

Note that SESSION_ENGINE = 'django.contrib.sessions.backends.cache' with local memory cache does not work well in apache2 environment. I guess this is because the local memory cache does not support multi-process environment and it is not compatible with apache2 process worker model.
https://docs.djangoproject.com/en/2.0/topics/cache/#local-memory-caching

Ivan Kolodyazhny (e0ne)
Changed in horizon:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/630790

Changed in horizon:
assignee: nobody → Akihiro Motoki (amotoki)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/630790
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=a98468bef6b1bd8b3e762d4e22c8b83d27a8aa6a
Submitter: Zuul
Branch: master

commit a98468bef6b1bd8b3e762d4e22c8b83d27a8aa6a
Author: Akihiro Motoki <email address hidden>
Date: Tue Jan 15 07:42:06 2019 +0900

    Change the default SESSION_ENGINE to use cached sessions

    This commit changes the default SESSION_ENGINE to the cached
    sessions and the default cached backend to memcached.

    The cached sessions with memcahced is our current recommendation, but
    we do not use it in our default settings and do not test it in our CI
    (horizon-dsvm-tempest-plugin). It is better to use the recommended
    configurations in our CI.
    The previous default SESSION_ENGINE, the signed cookies, has
    a limitation on the length o cookies and using keystone3 can hit this
    easily. It is not ready for production for most cases.

    For a cache backend, considering multi-process web server deployments,
    memcahced is recommended rather than a local memory backend.

    Note for developers: If you use "tox -e runserver" for developments,
    SESSION_ENGINE = 'django.contrib.sessions.backends.cache' might not
    work expectedly. From my testing, I was forced to log-in frequently
    when moving pages. If you hit this, my suggestion is to configure
    SESSION_ENGINE to django.contrib.sessions.backends.signed_cookies.

    Change-Id: I1c4578ec5a7f70a59c6348d76ad0c12956a18573
    Closes-Bug: #1736021

Changed in horizon:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/horizon 15.0.0.0b2

This issue was fixed in the openstack/horizon 15.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.