Feature #10674

open

Rename _session_id to _hostname_session_id

Added by Lukas Zapletal about 9 years ago. Updated about 9 years ago.

Status: New
Priority: Low
Category: Web Interface
Target version: -
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

When running multiple instances of Foreman via SSH tunnels (connecting to localhost), sessions do not play well together. Should be possible to do with Rails.application.config.session_options[:key].

Actions #1

Updated by Lukas Zapletal about 9 years ago

  • Priority changed from Normal to Low

After discussion, it looks like to achieve this we need to make sure this is turned off by default, as it can cause issues in clustered setups. We'd need to rename all our cookies as well in a similar pattern, which can be challenging.

It is possible to easily configure this behavior by changing this configuration file:

/usr/share/foreman/config/initializers/session_store.rb

Change this line

Foreman::Application.config.session_store :active_record_store, :secure => !!SETTINGS[:require_ssl]

to

require "socket"
hostname = Socket.gethostbyname(Socket.gethostname).first
Foreman::Application.config.session_store :active_record_store, :secure => !!SETTINGS[:require_ssl], :key => "_#{hostname}_session_id"

Actions #2

Updated by Ohad Levy about 9 years ago

Would we be able to use the foreman_url setting?

Actions #3

Updated by Lukas Zapletal about 9 years ago

Yes, that's not a problem. The issue is cookies. I don't think cookies support any kind of "prefixing".

Actions #4

Updated by Dominic Cleal about 9 years ago

Not in itself, but you'd have to update any code where we set cookies to also use the hostname too.

Actions #5

Updated by Lukas Zapletal about 9 years ago

Btw foreman_url is not good because the moment you change it via the UI, you are signed off. I'd stick with hostname, which is more stable. If there are no objections, I can make the patch introducing a new setting, ignoring cookies for now and warning the user in a comment.

Actions #6

Updated by Bryan Kearney about 9 years ago

  • Bugzilla link set to 1227390

Actions #7

Updated by Ohad Levy about 9 years ago

But hostname will break once you have a LB? Can we set up some other identifier to use?

Actions #8

Updated by Lukas Zapletal about 9 years ago

First of all, not all LB techniques kill this.

I don't see any other common id we could use. I suggest turning this off when in LB mode.

Actions #9

Updated by Ohad Levy about 9 years ago

Lukas Zapletal wrote:

First of all, not all LB techniques kill this.

I don't see any other common id we could use. I suggest turning this off when in LB mode.

Let's have the cookie name configurable; it can default to the hostname, but would not block LB deployments?

Actions #10

Updated by Tom Caspy about 9 years ago

Hostname means that we won't be able to have Foreman behind a load balancer, assuming hostnames are different (fair assumption).
I think the cookie name should be in settings, but can be defaulted to hostname.

It's okay if users get logged out when changing the setting in the UI, it's a one-time thing.

Actions #11

Updated by Ohad Levy about 9 years ago

Tom Caspy wrote:

it's okay if users get logged out when changing the setting in the UI, it's a one-time thing.

I tend to agree, if it's configurable and defaults to foreman_url, IMHO it solves most of the issues?

Actions #12

Updated by Lukas Zapletal about 9 years ago

Foreman_url is not a good default IMHO for the reasons I explained above.

How about adding a new configuration option cluster_id and autogenerating it via our installer to some random value? For cluster deployments we can instruct the users to use the same value...
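
An added example, not part of the ticket or of Foreman's code, modelling the collision this thread discusses: browsers scope cookies by host and not by port, so two instances tunnelled to localhost overwrite each other's `_session_id` unless each uses its own key. The `CookieJar` class, the `session_key` helper, the ports and the hostnames are assumptions constructed for illustration.

```ruby
require "securerandom"

# Minimal model of a browser cookie jar. RFC 6265 scopes cookies by host and
# path, not by port, so localhost:3001 and localhost:3002 share one cookie
# per name.
class CookieJar
  def initialize
    @store = Hash.new { |h, host| h[host] = {} }
  end

  def set(origin, name, value)
    @store[host_of(origin)][name] = value
  end

  def get(origin, name)
    @store[host_of(origin)][name]
  end

  private

  def host_of(origin)
    origin.split(":").first # drop the port, as browsers do for cookies
  end
end

# Hypothetical helper: derive the session cookie key from an instance id
# (a hostname, or a cluster_id shared by all nodes behind one load balancer).
# Characters outside a conservative cookie-name set are replaced with "_".
def session_key(instance_id = nil)
  return "_session_id" if instance_id.nil? || instance_id.empty?
  "_#{instance_id.gsub(/[^A-Za-z0-9._-]/, "_")}_session_id"
end

# Simulate logging in to two instances through SSH tunnels on localhost.
# Returns true when instance A's session cookie survives the login to B.
def first_session_survives?(key_a, key_b)
  jar = CookieJar.new
  sid_a = SecureRandom.hex(16)
  jar.set("localhost:3001", key_a, sid_a)                # login to instance A
  jar.set("localhost:3002", key_b, SecureRandom.hex(16)) # login to instance B
  jar.get("localhost:3001", key_a) == sid_a
end
```

Nodes behind one load balancer must all return the same key, which is why a shared value works there and a per-node hostname does not.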
