README.pyramid.rst
changeset 11681 b23d58050076
parent 11631 faf279e33298
11631:faf279e33298 11681:b23d58050076
    81 .. _include: http://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.include
    81 .. _include: http://docs.pylonsproject.org/projects/pyramid/en/latest/api/config.html#pyramid.config.Configurator.include
    82 .. _`INI setting / environment variable`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#adding-a-custom-setting
    82 .. _`INI setting / environment variable`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/environment.html#adding-a-custom-setting
    83 .. _documentation: http://pyramid-cubicweb.readthedocs.org/
    83 .. _documentation: http://pyramid-cubicweb.readthedocs.org/
    84 .. _AuthTktAuthenticationPolicy: \
    84 .. _AuthTktAuthenticationPolicy: \
    85     http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html#pyramid.authentication.AuthTktAuthenticationPolicy
    85     http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html#pyramid.authentication.AuthTktAuthenticationPolicy
       
    86 
       
    87 Command
       
    88 =======
       
    89 
       
    90 Summary
       
    91 -------
       
    92 
       
    93 Add the 'pyramid' command to cubicweb-ctl".
       
    94 
       
    95 This cube also add a ``CWSession`` entity type so that sessions can be
       
    96 stored in the database, which allows to run a Cubicweb instance
       
    97 without having to set up a session storage (like redis or memcache)
       
    98 solution.
       
    99 
       
   100 However, for production systems, it is greatly advised to use such a
       
   101 storage solution for the sessions.
       
   102 
       
   103 The handling of the sessions is made by pyramid (see the
       
   104 `pyramid's documentation on sessions`_ for more details).
       
   105 
       
   106 For example, to set up a redis based session storage, you need the
       
   107 `pyramid-redis-session`_ package, then you must configure pyramid to
       
   108 use this backend, by configuring the ``pyramid.ini`` file in the instance's
       
   109 config directory (near the ``all-in-one.conf`` file):
       
   110 
       
   111 
       
   112 .. code-block:: ini
       
   113 
       
   114    [main]
       
   115    cubicweb.defaults = no # we do not want to load the default cw session handling
       
   116 
       
   117    cubicweb.auth.authtkt.session.secret = <secret1>
       
   118    cubicweb.auth.authtkt.persistent.secret = <secret2>
       
   119    cubicweb.auth.authtkt.session.secure = yes
       
   120    cubicweb.auth.authtkt.persistent.secure = yes
       
   121 
       
   122    redis.sessions.secret = <secret3>
       
   123    redis.sessions.prefix = <my-app>:
       
   124 
       
   125    redis.sessions.url = redis://localhost:6379/0
       
   126 
       
   127    pyramid.includes =
       
   128            pyramid_redis_sessions
       
   129            pyramid_cubicweb.auth
       
   130            pyramid_cubicweb.login
       
   131 
       
   132 
       
   133 See the documentation of `Pyramid Cubicweb`_ for more details.
       
   134 
       
   135 .. Warning:: If you want to be able to log in a CubicWeb application
       
   136              served by pyramid on a unsecured stream (typically when
       
   137              you start an instance in dev mode using a simple
       
   138              ``cubicweb-ctl pyramid -D -linfo myinstance``), you
       
   139              **must** set ``cubicweb.auth.authtkt.session.secure`` to
       
   140              ``no``.
       
   141 
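Review bot: In the warning at lines 135-140 only ``cubicweb.auth.authtkt.session.secure`` is named, while the sample at lines 119-120 sets both ``session.secure`` and ``persistent.secure`` to ``yes``; say whether the persistent cookie needs the same change on an unsecured stream, and state that ``no`` is meant for development instances only. Smaller points in the same region: line 93 ends with a stray ``"``, line 95 should read "also adds", and the inline ``# ...`` comment on line 115 is better placed on its own line so it cannot be read as part of the value of ``cubicweb.defaults``.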
       
   142 Secrets
       
   143 ~~~~~~~
       
   144 
       
   145 There are a number of secrets to configure in ``pyramid.ini``. They
       
   146 should be different one from each other, as explained in `Pyramid's
       
   147 documentation`_.
       
   148 
       
   149 For the record:
       
   150 
       
   151 :cubicweb.session.secret: This secret is used to encrypt the session's
       
   152    data ID (data themselved are stored in the backend, database or
       
   153    redis) when using the integrated (``CWSession`` based) session data
       
   154    storage.
       
   155 
       
   156 :redis.session.secret: This secret is used to encrypt the session's
       
   157    data ID (data themselved are stored in the backend, database or
       
   158    redis) when using redis as backend.
       
   159 
       
   160 :cubicweb.auth.authtkt.session.secret: This secret is used to encrypt
       
   161    the authentication cookie.
       
   162 
       
   163 :cubicweb.auth.authtkt.persistent.secret: This secret is used to
       
   164    encrypt the persistent authentication cookie.
       
   165 
       
   166 
       
   167 .. _`Pyramid Cubicweb`: http://pyramid-cubicweb.readthedocs.org/
       
   168 .. _`pyramid's documentation on sessions`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html
       
   169 .. _`pyramid-redis-session`: http://pyramid-redis-sessions.readthedocs.org/en/latest/index.html
       
   170 .. _`Pyramid's documentation`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#admonishment-against-secret-sharing
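Review bot: The key names in the "Secrets" field list (lines 151-158) do not match the sample ``pyramid.ini``: the list documents ``redis.session.secret`` and ``cubicweb.session.secret``, while line 122 sets ``redis.sessions.secret`` (plural) and the sample never sets ``cubicweb.session.secret``. Align the names so that a reader copying from either place ends up with the same keys, and note which of the two session secrets applies to which backend in the sample. Wording: "themselved" on lines 152 and 157 should be "themselves", and "different one from each other" on line 146 reads better as "different from one another".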