Removing last_activity session flag
This change will simplify horizon session management and lessen the load on session backends, which currently write a record on every page request. Pre-Requisite change: https://review.openstack.org/#/c/179800/ Change-Id: I3ff8ca6b56655c7c68743398fee903d651332867 Closes-bug: #1450914
This commit is contained in:
parent
8d008a73c4
commit
b676ac13fa
@ -1112,10 +1112,12 @@ define the policy rules actions are verified against.
|
|||||||
|
|
||||||
.. versionadded:: 2013.2(Havana)
|
.. versionadded:: 2013.2(Havana)
|
||||||
|
|
||||||
Default: ``"1800"``
|
Default: ``"3600"``
|
||||||
|
|
||||||
|
This SESSION_TIMEOUT is a method to supercede the token timeout with a shorter
|
||||||
|
horizon session timeout (in seconds). So if your token expires in 60 minutes,
|
||||||
|
a value of 1800 will log users out after 30 minutes.
|
||||||
|
|
||||||
Specifies the timespan in seconds inactivity, until a user is considered as
|
|
||||||
logged out.
|
|
||||||
|
|
||||||
``SAHARA_AUTO_IP_ALLOCATION_ENABLED``
|
``SAHARA_AUTO_IP_ALLOCATION_ENABLED``
|
||||||
-------------------------------------
|
-------------------------------------
|
||||||
|
@ -21,7 +21,6 @@ Middleware provided and used by Horizon.
|
|||||||
|
|
||||||
import json
|
import json
|
||||||
import logging
|
import logging
|
||||||
import time
|
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth import REDIRECT_FIELD_NAME # noqa
|
from django.contrib.auth import REDIRECT_FIELD_NAME # noqa
|
||||||
@ -30,10 +29,8 @@ from django.contrib import messages as django_messages
|
|||||||
from django import http
|
from django import http
|
||||||
from django import shortcuts
|
from django import shortcuts
|
||||||
from django.utils.encoding import iri_to_uri # noqa
|
from django.utils.encoding import iri_to_uri # noqa
|
||||||
from django.utils import timezone
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
from openstack_auth import utils as auth_utils
|
|
||||||
from openstack_auth import views as auth_views
|
from openstack_auth import views as auth_views
|
||||||
import six
|
import six
|
||||||
|
|
||||||
@ -49,33 +46,6 @@ class HorizonMiddleware(object):
|
|||||||
|
|
||||||
logout_reason = None
|
logout_reason = None
|
||||||
|
|
||||||
def _check_has_timed_timeout(self, request):
|
|
||||||
"""Check for session timeout and return timestamp."""
|
|
||||||
has_timed_out = False
|
|
||||||
# Activate timezone handling
|
|
||||||
tz = request.session.get('django_timezone')
|
|
||||||
if tz:
|
|
||||||
timezone.activate(tz)
|
|
||||||
try:
|
|
||||||
timeout = settings.SESSION_TIMEOUT
|
|
||||||
except AttributeError:
|
|
||||||
timeout = 1800
|
|
||||||
last_activity = request.session.get('last_activity', None)
|
|
||||||
timestamp = int(time.time())
|
|
||||||
if (
|
|
||||||
hasattr(request, "user")
|
|
||||||
and hasattr(request.user, "token")
|
|
||||||
and not auth_utils.is_token_valid(request.user.token)
|
|
||||||
):
|
|
||||||
# The user was logged in, but his keystone token expired.
|
|
||||||
has_timed_out = True
|
|
||||||
if isinstance(last_activity, int):
|
|
||||||
if (timestamp - last_activity) > timeout:
|
|
||||||
has_timed_out = True
|
|
||||||
if has_timed_out:
|
|
||||||
request.session.pop('last_activity')
|
|
||||||
return (has_timed_out, timestamp)
|
|
||||||
|
|
||||||
def _logout(self, request, login_url=None, message=None):
|
def _logout(self, request, login_url=None, message=None):
|
||||||
"""Logout a user and display a logout message."""
|
"""Logout a user and display a logout message."""
|
||||||
response = auth_views.logout(request, login_url)
|
response = auth_views.logout(request, login_url)
|
||||||
@ -97,11 +67,6 @@ class HorizonMiddleware(object):
|
|||||||
# to avoid creating too many sessions
|
# to avoid creating too many sessions
|
||||||
return None
|
return None
|
||||||
|
|
||||||
# Check for session timeout if user is (or was) authenticated.
|
|
||||||
has_timed_out, timestamp = self._check_has_timed_timeout(request)
|
|
||||||
if has_timed_out:
|
|
||||||
return self._logout(request, request.path, _("Session timed out."))
|
|
||||||
|
|
||||||
if request.is_ajax():
|
if request.is_ajax():
|
||||||
# if the request is Ajax we do not want to proceed, as clients can
|
# if the request is Ajax we do not want to proceed, as clients can
|
||||||
# 1) create pages with constant polling, which can create race
|
# 1) create pages with constant polling, which can create race
|
||||||
@ -140,8 +105,6 @@ class HorizonMiddleware(object):
|
|||||||
'max_cookie_size': max_cookie_size,
|
'max_cookie_size': max_cookie_size,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
# We have a valid session, so we set the timestamp
|
|
||||||
request.session['last_activity'] = timestamp
|
|
||||||
|
|
||||||
def process_exception(self, request, exception):
|
def process_exception(self, request, exception):
|
||||||
"""Catches internal Horizon exception classes such as NotAuthorized,
|
"""Catches internal Horizon exception classes such as NotAuthorized,
|
||||||
|
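Review bot: The per-user timezone is no longer activated on the new side: the removed `_check_has_timed_timeout` was the only visible place that read `request.session.get('django_timezone')` and called `timezone.activate(tz)`, and the `timezone` import is removed with it, so unless another component does this the session's timezone stops applying to request handling; the three lines `tz = request.session.get('django_timezone')` / `if tz:` / `    timezone.activate(tz)` belong in `process_request` after the authentication guard, with the import kept. The same removed function was also the point that called `auth_utils.is_token_valid(request.user.token)` and logged out a user whose keystone token had expired, and the inactivity check went with it, so nothing left in this file ends a session on token expiry or idleness — the lifetime now rests entirely on whatever the prerequisite openstack_auth change sets at login, which this page does not show. A comment at the former call site would spare the next reader the search, e.g. `# Session expiry (SESSION_TIMEOUT) is enforced by openstack_auth at login, not per request.`, once that is confirmed. `process_request` begins and ends outside these hunks.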
@ -13,8 +13,6 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import time
|
|
||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
|
||||||
from django.http import HttpResponseRedirect # noqa
|
from django.http import HttpResponseRedirect # noqa
|
||||||
@ -35,19 +33,6 @@ class MiddlewareTests(test.TestCase):
|
|||||||
|
|
||||||
self.assertRedirects(resp, url)
|
self.assertRedirects(resp, url)
|
||||||
|
|
||||||
def test_session_timeout(self):
|
|
||||||
requested_url = '/project/instances/'
|
|
||||||
request = self.factory.get(requested_url)
|
|
||||||
try:
|
|
||||||
timeout = settings.SESSION_TIMEOUT
|
|
||||||
except AttributeError:
|
|
||||||
timeout = 1800
|
|
||||||
request.session['last_activity'] = int(time.time()) - (timeout + 10)
|
|
||||||
mw = middleware.HorizonMiddleware()
|
|
||||||
resp = mw.process_request(request)
|
|
||||||
self.assertEqual(302, resp.status_code)
|
|
||||||
self.assertEqual(requested_url, resp.get('Location'))
|
|
||||||
|
|
||||||
def test_process_response_redirect_on_ajax_request(self):
|
def test_process_response_redirect_on_ajax_request(self):
|
||||||
url = settings.LOGIN_URL
|
url = settings.LOGIN_URL
|
||||||
mw = middleware.HorizonMiddleware()
|
mw = middleware.HorizonMiddleware()
|
||||||
|
@ -179,13 +179,11 @@ SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
|
|||||||
SESSION_COOKIE_HTTPONLY = True
|
SESSION_COOKIE_HTTPONLY = True
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
||||||
SESSION_COOKIE_SECURE = False
|
SESSION_COOKIE_SECURE = False
|
||||||
SESSION_TIMEOUT = 1800
|
|
||||||
# A token can be near the end of validity when a page starts loading, and
|
# SESSION_TIMEOUT is a method to supercede the token timeout with a shorter
|
||||||
# invalid during the rendering which can cause errors when a page load.
|
# horizon session timeout (in seconds). So if your token expires in 60
|
||||||
# TOKEN_TIMEOUT_MARGIN defines a time in seconds we retrieve from token
|
# minutes, a value of 1800 will log users out after 30 minutes
|
||||||
# validity to avoid this issue. You can adjust this time depending on the
|
SESSION_TIMEOUT = 3600
|
||||||
# performance of the infrastructure.
|
|
||||||
TOKEN_TIMEOUT_MARGIN = 10
|
|
||||||
|
|
||||||
# When using cookie-based sessions, log error when the session cookie exceeds
|
# When using cookie-based sessions, log error when the session cookie exceeds
|
||||||
# the following size (common browsers drop cookies above a certain size):
|
# the following size (common browsers drop cookies above a certain size):
|
||||||
|
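Review bot: The default session lifetime is doubled from 1800 to 3600 seconds on the new side, and the hunk's old side shows `TOKEN_TIMEOUT_MARGIN = 10` together with its explanatory comment with no counterpart on the new side; neither is mentioned in the commit message. With `last_activity` gone, SESSION_TIMEOUT can no longer be an inactivity timeout, so the new comment should say what it now is, e.g. `# SESSION_TIMEOUT is an absolute session lifetime set at login, not an idle timeout` (presumably applied by the prerequisite openstack_auth change — confirm), and "supercede" should read "supersede". If openstack_auth still reads TOKEN_TIMEOUT_MARGIN from settings, dropping it here silently changes the margin to that library's default; either keep the line or state the move in the commit message.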