From a98468bef6b1bd8b3e762d4e22c8b83d27a8aa6a Mon Sep 17 00:00:00 2001 From: Akihiro Motoki Date: Tue, 15 Jan 2019 07:42:06 +0900 Subject: [PATCH] Change the default SESSION_ENGINE to use cached sessions This commit changes the default SESSION_ENGINE to the cached sessions and the default cached backend to memcached. The cached sessions with memcahced is our current recommendation, but we do not use it in our default settings and do not test it in our CI (horizon-dsvm-tempest-plugin). It is better to use the recommended configurations in our CI. The previous default SESSION_ENGINE, the signed cookies, has a limitation on the length o cookies and using keystone3 can hit this easily. It is not ready for production for most cases. For a cache backend, considering multi-process web server deployments, memcahced is recommended rather than a local memory backend. Note for developers: If you use "tox -e runserver" for developments, SESSION_ENGINE = 'django.contrib.sessions.backends.cache' might not work expectedly. From my testing, I was forced to log-in frequently when moving pages. If you hit this, my suggestion is to configure SESSION_ENGINE to django.contrib.sessions.backends.signed_cookies. Change-Id: I1c4578ec5a7f70a59c6348d76ad0c12956a18573 Closes-Bug: #1736021 --- .../local/local_settings.py.example | 10 +++------ openstack_dashboard/settings.py | 9 +++++++- .../session-engine-bc6305bfb74a9beb.yaml | 22 +++++++++++++++++++ 3 files changed, 33 insertions(+), 8 deletions(-) create mode 100644 releasenotes/notes/session-engine-bc6305bfb74a9beb.yaml diff --git a/openstack_dashboard/local/local_settings.py.example b/openstack_dashboard/local/local_settings.py.example index 2ad4078e14..5c76d344bb 100644 --- a/openstack_dashboard/local/local_settings.py.example +++ b/openstack_dashboard/local/local_settings.py.example @@ -153,7 +153,9 @@ SECRET_KEY = secret_key.generate_or_read_from_file( # We recommend you use memcached for development; otherwise after every reload # of the django development server, you will have to login again. To use -# memcached set CACHES to something like +# memcached set CACHES to something like below. +# For more information, see +# https://docs.djangoproject.com/en/1.11/topics/http/sessions/. #CACHES = { # 'default': { # 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', @@ -161,12 +163,6 @@ SECRET_KEY = secret_key.generate_or_read_from_file( # }, #} -CACHES = { - 'default': { - 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', - }, -} - # Send email to the console by default EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' # Or send them to /dev/null diff --git a/openstack_dashboard/settings.py b/openstack_dashboard/settings.py index fb5c700349..977e2a3b0f 100644 --- a/openstack_dashboard/settings.py +++ b/openstack_dashboard/settings.py @@ -198,7 +198,14 @@ AUTHENTICATION_URLS = ['openstack_auth.urls'] AUTH_USER_MODEL = 'openstack_auth.User' MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage' -SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies' +SESSION_ENGINE = 'django.contrib.sessions.backends.cache' +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '127.0.0.1:11211', + }, +} + SESSION_COOKIE_HTTPONLY = True SESSION_EXPIRE_AT_BROWSER_CLOSE = True SESSION_COOKIE_SECURE = False diff --git a/releasenotes/notes/session-engine-bc6305bfb74a9beb.yaml b/releasenotes/notes/session-engine-bc6305bfb74a9beb.yaml new file mode 100644 index 0000000000..ec5709f547 --- /dev/null +++ b/releasenotes/notes/session-engine-bc6305bfb74a9beb.yaml @@ -0,0 +1,22 @@ +--- +upgrade: + - | + The default value of ``SESSION_ENGINE`` is changed to + ``django.contrib.sessions.backends.cache`` + so that a cache-based session backend is used. + + The default cache back-end is set to the memcached backend + ``django.core.cache.backends.memcached.MemcachedCache`` + from the local-memory backend + considering multi-process web server deployments. + + They are settings which horizon recommends for a long time + but we have not use them by default. + + If your deployment uses the signed-cookies as a session engine, + ensure that ``SESSION_ENGINE`` is configured to + ``django.contrib.sessions.backends.signed_cookies`` + before upgrading horizon to Stein release. + If your deployment uses the cached session engine and + your cache backend depends on horizon default setting, + ensure to ``CACHES`` setting to use the local-memory backend.