# HG changeset patch # User David Douard # Date 1456222462 -3600 # Node ID 04dbef5962439a8360969d2c03b82d83395a63a7 # Parent c3a583e38360354649b5f8d86093bc857102fa53 [doc] add a bit more infos in the README diff -r c3a583e38360 -r 04dbef596243 README --- a/README Mon Feb 22 15:57:10 2016 +0100 +++ b/README Tue Feb 23 11:14:22 2016 +0100 @@ -1,3 +1,75 @@ Summary ------- -Add the 'pyramid' command to cubicweb-ctl" + +Add the 'pyramid' command to cubicweb-ctl". + +This cube also add a ``CWSession`` entity type so that sessions can be +stored in the database, which allows to run a Cubicweb instance +without having to set up a session storage (like redis or memcache) +solution. + +However, for production systems, it is greatly advised to use such a +storage solution for the sessions. + +The handling of the sessions is made by pyramid (see the +`pyramid's documentation on sessions`_ for more details). + +For example, to set up a redis based session storage, you need the +`pyramid-redis-session`_ package, then you must configure pyramid to +use this backend, by configuring the ``pyramid.ini`` file in the instance's +config directory (near the ``all-in-one.conf`` file): + + +.. code-block:: ini + + [main] + cubicweb.defaults = no # we do not want to load the default cw session handling + + cubicweb.auth.authtkt.session.secret = + cubicweb.auth.authtkt.persistent.secret = + cubicweb.auth.authtkt.session.secure = yes + cubicweb.auth.authtkt.persistent.secure = yes + + redis.sessions.secret = + redis.sessions.prefix = : + + redis.sessions.url = redis://localhost:6379/0 + + pyramid.includes = + pyramid_redis_sessions + pyramid_cubicweb.auth + pyramid_cubicweb.login + + +See the documentation of `Pyramid Cubicweb`_ for more details. + + +Secrets +~~~~~~~ + +There are a number of secrets to configure in ``pyramid.ini``. They +should be different one from each other, as explained in `Pyramid's +documentation`_. + +For the record: + +:cubicweb.session.secret: This secret is used to encrypt the session's + data ID (data themselved are stored in the backend, database or + redis) when using the integrated (``CWSession`` based) session data + storage. + +:redis.session.secret: This secret is used to encrypt the session's + data ID (data themselved are stored in the backend, database or + redis) when using redis as backend. + +:cubicweb.auth.authtkt.session.secret: This secret is used to encrypt + the authentication cookie. + +:cubicweb.auth.authtkt.persistent.secret: This secret is used to + encrypt the persistent authentication cookie. + + +.. _`Pyramid Cubicweb`: http://pyramid-cubicweb.readthedocs.org/ +.. _`pyramid's documentation on sessions`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/sessions.html +.. _`pyramid-redis-session`: http://pyramid-redis-sessions.readthedocs.org/en/latest/index.html +.. _`Pyramid's documentation`: http://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#admonishment-against-secret-sharing