Change the default SESSION_ENGINE to use cached sessions

This commit changes the default SESSION_ENGINE to the cached
sessions and the default cached backend to memcached.

The cached sessions with memcahced is our current recommendation, but
we do not use it in our default settings and do not test it in our CI
(horizon-dsvm-tempest-plugin). It is better to use the recommended
configurations in our CI.
The previous default SESSION_ENGINE, the signed cookies, has
a limitation on the length o cookies and using keystone3 can hit this
easily. It is not ready for production for most cases.

For a cache backend, considering multi-process web server deployments,
memcahced is recommended rather than a local memory backend.

Note for developers: If you use "tox -e runserver" for developments,
SESSION_ENGINE = 'django.contrib.sessions.backends.cache' might not
work expectedly. From my testing, I was forced to log-in frequently
when moving pages. If you hit this, my suggestion is to configure
SESSION_ENGINE to django.contrib.sessions.backends.signed_cookies.

Change-Id: I1c4578ec5a7f70a59c6348d76ad0c12956a18573
Closes-Bug: #1736021
This commit is contained in:
Akihiro Motoki 2019-01-15 07:42:06 +09:00
parent be5b04ca6d
commit a98468bef6
3 changed files with 33 additions and 8 deletions

View File

@ -153,7 +153,9 @@ SECRET_KEY = secret_key.generate_or_read_from_file(
# We recommend you use memcached for development; otherwise after every reload # We recommend you use memcached for development; otherwise after every reload
# of the django development server, you will have to login again. To use # of the django development server, you will have to login again. To use
# memcached set CACHES to something like # memcached set CACHES to something like below.
# For more information, see
# https://docs.djangoproject.com/en/1.11/topics/http/sessions/.
#CACHES = { #CACHES = {
# 'default': { # 'default': {
# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', # 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
@ -161,12 +163,6 @@ SECRET_KEY = secret_key.generate_or_read_from_file(
# }, # },
#} #}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
},
}
# Send email to the console by default # Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Or send them to /dev/null # Or send them to /dev/null

View File

@ -198,7 +198,14 @@ AUTHENTICATION_URLS = ['openstack_auth.urls']
AUTH_USER_MODEL = 'openstack_auth.User' AUTH_USER_MODEL = 'openstack_auth.User'
MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage' MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage'
SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies' SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
},
}
SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_HTTPONLY = True
SESSION_EXPIRE_AT_BROWSER_CLOSE = True SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_COOKIE_SECURE = False SESSION_COOKIE_SECURE = False

View File

@ -0,0 +1,22 @@
---
upgrade:
- |
The default value of ``SESSION_ENGINE`` is changed to
``django.contrib.sessions.backends.cache``
so that a cache-based session backend is used.
The default cache back-end is set to the memcached backend
``django.core.cache.backends.memcached.MemcachedCache``
from the local-memory backend
considering multi-process web server deployments.
They are settings which horizon recommends for a long time
but we have not use them by default.
If your deployment uses the signed-cookies as a session engine,
ensure that ``SESSION_ENGINE`` is configured to
``django.contrib.sessions.backends.signed_cookies``
before upgrading horizon to Stein release.
If your deployment uses the cached session engine and
your cache backend depends on horizon default setting,
ensure to ``CACHES`` setting to use the local-memory backend.