Summary
-------

Add the 'pyramid' command to cubicweb-ctl.

This cube also adds a ``CWSession`` entity type so that sessions can be
stored in the database, which makes it possible to run a Cubicweb instance
without having to set up a session storage solution (like redis or
memcache).

However, for production systems, it is strongly advised to use such a
storage solution for the sessions.

Session handling is done by pyramid (see the
`pyramid's documentation on sessions`_ for more details).

For example, to set up a redis based session storage, you need the
`pyramid-redis-session`_ package, then you must configure pyramid to
use this backend, by configuring the ``pyramid.ini`` file in the instance's
config directory (near the ``all-in-one.conf`` file):

.. code-block:: ini

    [main]
    # we do not want to load the default cw session handling
    cubicweb.defaults = no

    cubicweb.auth.authtkt.session.secret = <secret1>
    cubicweb.auth.authtkt.persistent.secret = <secret2>
    cubicweb.auth.authtkt.session.secure = yes
    cubicweb.auth.authtkt.persistent.secure = yes

    redis.sessions.secret = <secret3>
    redis.sessions.prefix = <my-app>:

    redis.sessions.url = redis://localhost:6379/0

    pyramid.includes =
        pyramid_redis_sessions
        pyramid_cubicweb.auth
        pyramid_cubicweb.login

See the documentation of `Pyramid Cubicweb`_ for more details.


Secrets
~~~~~~~

There are a number of secrets to configure in ``pyramid.ini``. They
should all be different from one another, as explained in `Pyramid's
documentation`_.

For the record:

:cubicweb.session.secret: This secret is used to encrypt the session's
   data ID (the data themselves are stored in the backend, database or
   redis) when using the integrated (``CWSession`` based) session data
   storage.

:redis.sessions.secret: This secret is used to encrypt the session's
   data ID (the data themselves are stored in the backend, database or
   redis) when using redis as backend.

:cubicweb.auth.authtkt.session.secret: This secret is used to encrypt
   the authentication cookie.

:cubicweb.auth.authtkt.persistent.secret: This secret is used to
   encrypt the persistent authentication cookie.
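
The rule that every secret must differ can be checked mechanically before an instance is deployed. The following is an added example, not part of the cube's own code: it parses the text of a ``pyramid.ini`` and reports placeholder, reused or short secrets and missing ``secure`` flags. The function name ``audit_pyramid_ini`` and the 32-character minimum are assumptions made for this example.

```python
import configparser
from collections import defaultdict

# Keys taken from the pyramid.ini shown above.
SECURE_FLAGS = ("cubicweb.auth.authtkt.session.secure",
                "cubicweb.auth.authtkt.persistent.secure")
MIN_LENGTH = 32  # assumption: local policy, not a value from the cube's documentation
TRUTHY = {"yes", "true", "on", "1"}


def audit_pyramid_ini(text, section="main"):
    """Return a sorted list of findings for the secrets in a pyramid.ini text."""
    parser = configparser.ConfigParser(interpolation=None,
                                       inline_comment_prefixes=("#",))
    parser.read_string(text)
    settings = dict(parser[section]) if parser.has_section(section) else {}
    findings = []
    users = defaultdict(list)  # secret value -> keys configured with it
    for key, value in settings.items():
        if not key.endswith(".secret"):
            continue
        if not value or (value.startswith("<") and value.endswith(">")):
            findings.append(f"{key}: placeholder or empty value")
            continue
        if len(value) < MIN_LENGTH:
            findings.append(f"{key}: shorter than {MIN_LENGTH} characters")
        users[value].append(key)
    for keys in users.values():
        if len(keys) > 1:
            findings.append("same secret shared by: " + ", ".join(sorted(keys)))
    for key in SECURE_FLAGS:
        if settings.get(key, "").lower() not in TRUTHY:
            findings.append(f"{key}: cookie not restricted to HTTPS")
    return sorted(findings)


# Constructed sample: one reused secret, one placeholder, one missing secure flag.
SAMPLE = """\
[main]
cubicweb.defaults = no
cubicweb.auth.authtkt.session.secret = 5f1c0e6b9a4d4c2f8e7a3b1d6c9e0f42
cubicweb.auth.authtkt.persistent.secret = 5f1c0e6b9a4d4c2f8e7a3b1d6c9e0f42
cubicweb.auth.authtkt.session.secure = yes
redis.sessions.secret = <secret3>
"""

if __name__ == "__main__":
    for finding in audit_pyramid_ini(SAMPLE):
        print(finding)
```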


.. _`Pyramid Cubicweb`: http://pyramid-cubicweb.readthedocs.org/
.. _`pyramid's documentation on sessions`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html
.. _`pyramid-redis-session`: http://pyramid-redis-sessions.readthedocs.org/en/latest/index.html
.. _`Pyramid's documentation`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#admonishment-against-secret-sharing