Use cookie-based sessions when Django 1.4 is available

Registered by Gabriel Hurley on 2011-11-22

Django 1.4 includes signed cookie-based sessions. This is the most reasonable default session backend for the purposes of Horizon (specific production deployment needs will vary). See https://docs.djangoproject.com/en/dev/topics/http/sessions/#using-cookie-based-sessions for more information.

Blueprint information

Status:
Complete
Approver:
Devin Carlen
Priority:
Medium
Drafter:
Gabriel Hurley
Direction:
Approved
Assignee:
Gabriel Hurley
Definition:
Approved
Series goal:
Accepted for essex
Implementation:
Implemented
Milestone target:
milestone icon 2012.1
Started by
Gabriel Hurley on 2012-02-28
Completed by
Tres Henry on 2012-02-29

Related branches

Sprints

Whiteboard

Considerations:

  * Django 1.4 FINAL isn't going to be released until fairly close to the Essex release deadline.
  * Django 1.4 likely will not be the version shipped by Ubuntu 12.04.
  * Using cookie-based sessions is a trivial two-line change in the settings file, and is a deployment-related issue as-is.
  * Making cookie-based sessions the default pegs us to 1.4 as the minimum version, whereas not making it the default allows us to keep 1.3.1 as the minimum version for Essex while still being compatible with 1.4 when it's released.

As such, and after discussion with Anthony Young and Tres Henry, I'm recommending this blueprint be changed to a documentation issue: simply that we add a section to the docs on deployment issues, starting with information on the session backends, how to configure them, and some basic pros and cons.

[devcamcar] Make it so!

Gerrit topic: https://review.openstack.org/#q,topic:bp/cookie-based-sessions,n,z

Addressed by: https://review.openstack.org/4669
    Added beginnings of a deployment guide w/ info on sessions.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.