From 5c0c2057ba684b1baf2707e576eae502668099ce Mon Sep 17 00:00:00 2001 From: David Sullivan Date: Fri, 12 Oct 2018 13:24:22 -0400 Subject: [PATCH] Fix horizon user session timeout If a horizon user's token expires during long running operations, those operations can fail. This occurred during long running heat operations (eg multiple stack deletions). We correct this by setting the TOKEN_TIMEOUT_MARGIN parameter in local_settings.py. In this way the user will be logged out 10 minutes before the keystone token expires. For clarity, we also set the horizon session to 50 minutes. The keystone token is 60 minutes so this will match the maximum session length. Change-Id: I80912ad3cd198b114a60886e2760f93805562028 Partial-Bug: 1797186 Signed-off-by: David Sullivan --- .../python-horizon/centos/files/local_settings.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/openstack/python-horizon/centos/files/local_settings.py b/openstack/python-horizon/centos/files/local_settings.py index d6e76af0..40d472b8 100755 --- a/openstack/python-horizon/centos/files/local_settings.py +++ b/openstack/python-horizon/centos/files/local_settings.py @@ -1187,3 +1187,16 @@ LOGGING = { }, }, } + +# Session timeout overrides + +# SESSION_TIMEOUT is a method to supersede the token timeout with a shorter +# horizon session timeout (in seconds). So if your token expires in 60 +# minutes, a value of 1800 will log users out after 30 minutes +SESSION_TIMEOUT = 3000 + +# TOKEN_TIMEOUT_MARGIN ensures the user is logged out before the token +# expires. This parameter specifies the number of seconds before the +# token expiry to log users out. If the token expires in 60 minutes, a +# value of 600 will log users out after 50 minutes. +TOKEN_TIMEOUT_MARGIN = 600