diff options
author | Matthias Runge <mrunge@redhat.com> | 2014-01-13 13:33:34 +1100 |
---|---|---|
committer | Kieran Spear <kispear@gmail.com> | 2014-01-30 10:30:06 +1100 |
commit | 970b165d5fef31c56f5914b921665bdf6882d2e2 (patch) | |
tree | afd73f32a33503e409f82b04ac33cb32c2c853f0 | |
parent | 7a8eadc328e309a28aba02569efec23ca01eba59 (diff) | |
download | horizon-970b165d5fef31c56f5914b921665bdf6882d2e2.tar.gz |
Fix inappropriate logouts on load-balanced Horizon
The session timeout code in the horizon/middleware.py can cause
inappropriate timeouts/logouts when running Horizon behind a load
balancer on two machines that are slightly out of sync time-wise.
Use timestamps rather than datetime as the arithmetic is simpler.
Closes-bug: #1243277
(cherry-picked from commit 13355dacdbfa9ef14a4e1c16afeffaece5c13a39,
minus the unrelated settings.py changes.)
Change-Id: I23159d2dee7fc05653a99fc89fbfd4d52e988df5
-rw-r--r-- | horizon/middleware.py | 7 | ||||
-rw-r--r-- | horizon/test/tests/middleware.py | 5 |
2 files changed, 6 insertions, 6 deletions
diff --git a/horizon/middleware.py b/horizon/middleware.py index 6cd9d420a..565124137 100644 --- a/horizon/middleware.py +++ b/horizon/middleware.py @@ -21,9 +21,9 @@ Middleware provided and used by Horizon. """ -import datetime import json import logging +import time from django.conf import settings # noqa from django.contrib.auth import REDIRECT_FIELD_NAME # noqa @@ -61,11 +61,12 @@ class HorizonMiddleware(object): timeout = 1800 last_activity = request.session.get('last_activity', None) - timestamp = datetime.datetime.now() + timestamp = int(time.time()) request.horizon = {'dashboard': None, 'panel': None, 'async_messages': []} - if last_activity and (timestamp - last_activity).seconds > timeout: + if (isinstance(last_activity, int) + and (timestamp - last_activity) > timeout): request.session.pop('last_activity') response = HttpResponseRedirect( '%s?next=%s' % (settings.LOGOUT_URL, request.path)) diff --git a/horizon/test/tests/middleware.py b/horizon/test/tests/middleware.py index d480fa10d..53ae5b19b 100644 --- a/horizon/test/tests/middleware.py +++ b/horizon/test/tests/middleware.py @@ -15,7 +15,7 @@ # License for the specific language governing permissions and limitations # under the License. -import datetime +import time from django.conf import settings # noqa @@ -43,8 +43,7 @@ class MiddlewareTests(test.TestCase): timeout = settings.SESSION_TIMEOUT except AttributeError: timeout = 1800 - request.session['last_activity'] =\ - datetime.datetime.now() - datetime.timedelta(seconds=timeout + 10) + request.session['last_activity'] = int(time.time()) - (timeout + 10) mw = middleware.HorizonMiddleware() resp = mw.process_request(request) self.assertEqual(resp.status_code, 302) |