81 .. _include: http://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.include |
81 .. _include: http://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.include |
82 .. _`INI setting / environment variable`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#adding-a-custom-setting |
82 .. _`INI setting / environment variable`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#adding-a-custom-setting |
83 .. _documentation: http://pyramid-cubicweb.readthedocs.org/ |
83 .. _documentation: http://pyramid-cubicweb.readthedocs.org/ |
84 .. _AuthTktAuthenticationPolicy: \ |
84 .. _AuthTktAuthenticationPolicy: \ |
85 http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html#pyramid.authentication.AuthTktAuthenticationPolicy |
85 http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html#pyramid.authentication.AuthTktAuthenticationPolicy |
|
86 |
|
87 Command |
|
88 ======= |
|
89 |
|
90 Summary |
|
91 ------- |
|
92 |
|
93 Add the 'pyramid' command to cubicweb-ctl". |
|
94 |
|
95 This cube also add a ``CWSession`` entity type so that sessions can be |
|
96 stored in the database, which allows to run a Cubicweb instance |
|
97 without having to set up a session storage (like redis or memcache) |
|
98 solution. |
|
99 |
|
100 However, for production systems, it is greatly advised to use such a |
|
101 storage solution for the sessions. |
|
102 |
|
103 The handling of the sessions is made by pyramid (see the |
|
104 `pyramid's documentation on sessions`_ for more details). |
|
105 |
|
106 For example, to set up a redis based session storage, you need the |
|
107 `pyramid-redis-session`_ package, then you must configure pyramid to |
|
108 use this backend, by configuring the ``pyramid.ini`` file in the instance's |
|
109 config directory (near the ``all-in-one.conf`` file): |
|
110 |
|
111 |
|
112 .. code-block:: ini |
|
113 |
|
114 [main] |
|
115 cubicweb.defaults = no # we do not want to load the default cw session handling |
|
116 |
|
117 cubicweb.auth.authtkt.session.secret = <secret1> |
|
118 cubicweb.auth.authtkt.persistent.secret = <secret2> |
|
119 cubicweb.auth.authtkt.session.secure = yes |
|
120 cubicweb.auth.authtkt.persistent.secure = yes |
|
121 |
|
122 redis.sessions.secret = <secret3> |
|
123 redis.sessions.prefix = <my-app>: |
|
124 |
|
125 redis.sessions.url = redis://localhost:6379/0 |
|
126 |
|
127 pyramid.includes = |
|
128 pyramid_redis_sessions |
|
129 pyramid_cubicweb.auth |
|
130 pyramid_cubicweb.login |
|
131 |
|
132 |
|
133 See the documentation of `Pyramid Cubicweb`_ for more details. |
|
134 |
|
135 .. Warning:: If you want to be able to log in a CubicWeb application |
|
136 served by pyramid on a unsecured stream (typically when |
|
137 you start an instance in dev mode using a simple |
|
138 ``cubicweb-ctl pyramid -D -linfo myinstance``), you |
|
139 **must** set ``cubicweb.auth.authtkt.session.secure`` to |
|
140 ``no``. |
|
141 |
|
142 Secrets |
|
143 ~~~~~~~ |
|
144 |
|
145 There are a number of secrets to configure in ``pyramid.ini``. They |
|
146 should be different one from each other, as explained in `Pyramid's |
|
147 documentation`_. |
|
148 |
|
149 For the record: |
|
150 |
|
151 :cubicweb.session.secret: This secret is used to encrypt the session's |
|
152 data ID (data themselved are stored in the backend, database or |
|
153 redis) when using the integrated (``CWSession`` based) session data |
|
154 storage. |
|
155 |
|
156 :redis.session.secret: This secret is used to encrypt the session's |
|
157 data ID (data themselved are stored in the backend, database or |
|
158 redis) when using redis as backend. |
|
159 |
|
160 :cubicweb.auth.authtkt.session.secret: This secret is used to encrypt |
|
161 the authentication cookie. |
|
162 |
|
163 :cubicweb.auth.authtkt.persistent.secret: This secret is used to |
|
164 encrypt the persistent authentication cookie. |
|
165 |
|
166 |
|
167 .. _`Pyramid Cubicweb`: http://pyramid-cubicweb.readthedocs.org/ |
|
168 .. _`pyramid's documentation on sessions`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html |
|
169 .. _`pyramid-redis-session`: http://pyramid-redis-sessions.readthedocs.org/en/latest/index.html |
|
170 .. _`Pyramid's documentation`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#admonishment-against-secret-sharing |