Fix inappropriate logouts on load-balanced Horizon
The session timeout code in the horizon/middleware.py can cause
inappropriate timeouts/logouts when running Horizon behind a load
balancer on two machines that are slightly out of sync time-wise.
Use timestamps rather than datetime as the arithmetic is simpler.
Closes-bug: #1243277
(cherry-picked from commit 13355dacdb
,
minus the unrelated settings.py changes.)
Change-Id: I23159d2dee7fc05653a99fc89fbfd4d52e988df5
This commit is contained in:
parent
7a8eadc328
commit
970b165d5f
|
@ -21,9 +21,9 @@
|
|||
Middleware provided and used by Horizon.
|
||||
"""
|
||||
|
||||
import datetime
|
||||
import json
|
||||
import logging
|
||||
import time
|
||||
|
||||
from django.conf import settings # noqa
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME # noqa
|
||||
|
@ -61,11 +61,12 @@ class HorizonMiddleware(object):
|
|||
timeout = 1800
|
||||
|
||||
last_activity = request.session.get('last_activity', None)
|
||||
timestamp = datetime.datetime.now()
|
||||
timestamp = int(time.time())
|
||||
request.horizon = {'dashboard': None,
|
||||
'panel': None,
|
||||
'async_messages': []}
|
||||
if last_activity and (timestamp - last_activity).seconds > timeout:
|
||||
if (isinstance(last_activity, int)
|
||||
and (timestamp - last_activity) > timeout):
|
||||
request.session.pop('last_activity')
|
||||
response = HttpResponseRedirect(
|
||||
'%s?next=%s' % (settings.LOGOUT_URL, request.path))
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import datetime
|
||||
import time
|
||||
|
||||
from django.conf import settings # noqa
|
||||
|
||||
|
@ -43,8 +43,7 @@ class MiddlewareTests(test.TestCase):
|
|||
timeout = settings.SESSION_TIMEOUT
|
||||
except AttributeError:
|
||||
timeout = 1800
|
||||
request.session['last_activity'] =\
|
||||
datetime.datetime.now() - datetime.timedelta(seconds=timeout + 10)
|
||||
request.session['last_activity'] = int(time.time()) - (timeout + 10)
|
||||
mw = middleware.HorizonMiddleware()
|
||||
resp = mw.process_request(request)
|
||||
self.assertEqual(resp.status_code, 302)
|
||||
|
|
Loading…
Reference in New Issue