diff --git a/doc/source/topics/settings.rst b/doc/source/topics/settings.rst
index 5a69a1962..daf81d10b 100755
--- a/doc/source/topics/settings.rst
+++ b/doc/source/topics/settings.rst
@@ -1112,10 +1112,12 @@ define the policy rules actions are verified against.
 .. versionadded:: 2013.2(Havana)
-Default: ``"1800"``
+Default: ``"3600"``
+
+This SESSION_TIMEOUT is a method to supercede the token timeout with a shorter
+horizon session timeout (in seconds). So if your token expires in 60 minutes,
+a value of 1800 will log users out after 30 minutes.
-Specifies the timespan in seconds inactivity, until a user is considered as
- logged out.
 ``SAHARA_AUTO_IP_ALLOCATION_ENABLED``
 -------------------------------------
diff --git a/horizon/middleware.py b/horizon/middleware.py
index d39f4da26..410241958 100644
--- a/horizon/middleware.py
+++ b/horizon/middleware.py
@@ -21,7 +21,6 @@ Middleware provided and used by Horizon.
 import json
 import logging
-import time
 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME # noqa
@@ -30,10 +29,8 @@ from django.contrib import messages as django_messages
 from django import http
 from django import shortcuts
 from django.utils.encoding import iri_to_uri # noqa
-from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _
-from openstack_auth import utils as auth_utils
 from openstack_auth import views as auth_views
 import six
@@ -49,33 +46,6 @@ class HorizonMiddleware(object):
 logout_reason = None
- def _check_has_timed_timeout(self, request):
- """Check for session timeout and return timestamp."""
- has_timed_out = False
- # Activate timezone handling
- tz = request.session.get('django_timezone')
- if tz:
- timezone.activate(tz)
- try:
- timeout = settings.SESSION_TIMEOUT
- except AttributeError:
- timeout = 1800
- last_activity = request.session.get('last_activity', None)
- timestamp = int(time.time())
- if (
- hasattr(request, "user")
- and hasattr(request.user, "token")
- and not auth_utils.is_token_valid(request.user.token)
- ):
- # The user was logged in, but his keystone token expired.
- has_timed_out = True
- if isinstance(last_activity, int):
- if (timestamp - last_activity) > timeout:
- has_timed_out = True
- if has_timed_out:
- request.session.pop('last_activity')
- return (has_timed_out, timestamp)
-
 def _logout(self, request, login_url=None, message=None):
 """Logout a user and display a logout message."""
 response = auth_views.logout(request, login_url)
@@ -97,11 +67,6 @@ class HorizonMiddleware(object):
 # to avoid creating too many sessions
 return None
- # Check for session timeout if user is (or was) authenticated.
- has_timed_out, timestamp = self._check_has_timed_timeout(request)
- if has_timed_out:
- return self._logout(request, request.path, _("Session timed out."))
-
 if request.is_ajax():
 # if the request is Ajax we do not want to proceed, as clients can
 # 1) create pages with constant polling, which can create race
@@ -140,8 +105,6 @@ class HorizonMiddleware(object):
 'max_cookie_size': max_cookie_size,
 }
 )
- # We have a valid session, so we set the timestamp
- request.session['last_activity'] = timestamp
 def process_exception(self, request, exception):
 """Catches internal Horizon exception classes such as NotAuthorized,
diff --git a/horizon/test/tests/middleware.py b/horizon/test/tests/middleware.py
index 617351f88..4b80b9ae7 100644
--- a/horizon/test/tests/middleware.py
+++ b/horizon/test/tests/middleware.py
@@ -13,8 +13,6 @@
 # License for the specific language governing permissions and limitations
 # under the License.
-import time
-
 from django.conf import settings
 from django.http import HttpResponseRedirect # noqa
@@ -35,19 +33,6 @@ class MiddlewareTests(test.TestCase):
 self.assertRedirects(resp, url)
- def test_session_timeout(self):
- requested_url = '/project/instances/'
- request = self.factory.get(requested_url)
- try:
- timeout = settings.SESSION_TIMEOUT
- except AttributeError:
- timeout = 1800
- request.session['last_activity'] = int(time.time()) - (timeout + 10)
- mw = middleware.HorizonMiddleware()
- resp = mw.process_request(request)
- self.assertEqual(302, resp.status_code)
- self.assertEqual(requested_url, resp.get('Location'))
-
 def test_process_response_redirect_on_ajax_request(self):
 url = settings.LOGIN_URL
 mw = middleware.HorizonMiddleware()
diff --git a/openstack_dashboard/settings.py b/openstack_dashboard/settings.py
index 0392340f4..73266eb75 100644
--- a/openstack_dashboard/settings.py
+++ b/openstack_dashboard/settings.py
@@ -179,13 +179,11 @@ SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
 SESSION_COOKIE_HTTPONLY = True
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_SECURE = False
-SESSION_TIMEOUT = 1800
-# A token can be near the end of validity when a page starts loading, and
-# invalid during the rendering which can cause errors when a page load.
-# TOKEN_TIMEOUT_MARGIN defines a time in seconds we retrieve from token
-# validity to avoid this issue. You can adjust this time depending on the
-# performance of the infrastructure.
-TOKEN_TIMEOUT_MARGIN = 10
+
+# SESSION_TIMEOUT is a method to supercede the token timeout with a shorter
+# horizon session timeout (in seconds). So if your token expires in 60
+# minutes, a value of 1800 will log users out after 30 minutes
+SESSION_TIMEOUT = 3600
 # When using cookie-based sessions, log error when the session cookie exceeds
 # the following size (common browsers drop cookies above a certain size):
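Review bot: The new comment above `SESSION_TIMEOUT = 3600` promises that the dashboard logs users out before their Keystone token expires, but the only enforcement visible in this diff (`_check_has_timed_timeout`, the per-request token check and the `last_activity` bookkeeping in horizon/middleware.py) is deleted and nothing is added in its place, so unless openstack_auth now reads this setting it documents a check that no longer runs; the comment or commit message should say where the timeout is enforced. Removing `TOKEN_TIMEOUT_MARGIN` is also a behaviour change if openstack_auth's `is_token_valid` still consults it (it presumably falls back to no margin), which re-opens the mid-render token-expiry problem the deleted comment described, so either keep the setting or state that it is now read elsewhere. Note too that the old check was an inactivity timeout refreshed on every request while the new text describes an absolute cap, and the default silently doubles from 1800 to 3600 seconds, so upgrading operators get longer-lived sessions without a release note. Minor: `supercede` should be `supersede`, and the last comment line should end with a period.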