[openstack-dev] [Horizon] Cookie collision between Horizon & Stacktach

Gabriel Hurley Gabriel.Hurley at nebula.com
Fri Oct 31 19:44:28 UTC 2014


I have no familiarity with stacktach, but it sounds like it's trampling data on the sessionid cookie (even if it's also setting a beaker.session.stacktach cookie).

Your options include running the two at different domains/subdomains (and specifying the subdomain as the cookie domain; that needs to be explicit), or you can change the Django cookie names using settings:

Session cookie name: https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-name
CSRF cookie name: https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-CSRF_COOKIE_NAME

It doesn't sound like you had a CSRF cookie problem though. It is expected behavior that if you clear your cookies and don't revisit the login page to get a new CSRF token that form POSTs will fail.

    - Gabriel

-----Original Message-----
From: Aaron Sahlin [mailto:asahlin at linux.vnet.ibm.com] 
Sent: Friday, October 31, 2014 12:37 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [Horizon] Cookie collision between Horizon & Stacktach

I was posed this question, but am not familiar with Horizon or StackTach cookie management. Anyone know what the issue might be?

Issue: Logging into one site logs you out of the other. (horizon/stacktach)

First I open horizon and notice there are two cookies: csrftoken (horizon) and sessionid. I log into Horizon, then open up a new tab and log into stacktach (same domain, different port). After logging into stacktach, there's another cookie created named beaker.session.stacktach. I go back to the horizon dashboard and get logged off after clicking anything. After trying to log back in, this error comes up: "Your Web browser doesn't appear to have cookies enabled. Cookies are required for logging in." I then clear the cookies and am able to log in, but see this error message: "Forbidden (403) CSRF verification failed. Request aborted." I go back to the Horizon log in page, finally log in, go to stacktach tab and am logged out of that.

Note that stacktach is at a separate port on the controller and uses beaker to create the cookie session. I've read that cookies aren't port-specific on the same domain name, but should still work with different cookie names. I've also tried changing the paths on the stacktach urls, but no luck there either.


_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
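
Added example, not part of the thread or of either project's code: a toy model of a browser cookie store showing why two apps on the same host but different ports overwrite each other's cookie when the names match, and why changing `SESSION_COOKIE_NAME` keeps them apart. The host name, port, cookie values, and the premise that both apps emit a cookie named `sessionid` are assumptions made for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed URLs: same host, different ports, as in the thread.
HORIZON = "http://controller.example/"
STACKTACH = "http://controller.example:8000/"


class Jar:
    """Toy browser cookie store keyed as in RFC 6265: (domain, path, name).

    The port is not part of the key, so services on one host share cookies.
    """

    def __init__(self):
        self._store = {}

    def receive(self, url, set_cookie_header):
        host = urlsplit(url).hostname  # .hostname drops the port
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            domain = morsel["domain"].lstrip(".") or host
            path = morsel["path"] or "/"
            self._store[(domain, path, name)] = morsel.value

    def cookies_for(self, url):
        """Cookies sent with a request (simplified exact-host, prefix-path match)."""
        parts = urlsplit(url)
        req_path = parts.path or "/"
        return {
            name: value
            for (domain, path, name), value in self._store.items()
            if domain == parts.hostname and req_path.startswith(path)
        }


def simulate(horizon_cookie, stacktach_cookie):
    """Log in to Horizon, then StackTach; return what Horizon is sent next."""
    jar = Jar()
    jar.receive(HORIZON, f"{horizon_cookie}=horizon-session; Path=/; HttpOnly")
    jar.receive(STACKTACH, f"{stacktach_cookie}=stacktach-session; Path=/; HttpOnly")
    return jar.cookies_for(HORIZON)


# Assumed: both apps use the Django default name, so the second login wins.
collided = simulate("sessionid", "sessionid")
# With SESSION_COOKIE_NAME = "horizon_sessionid" in Horizon's Django settings.
separated = simulate("horizon_sessionid", "sessionid")
```

In the collided case Horizon is handed a session value it never issued, which matches the logout seen in the report; with distinct names both cookies are still sent to both ports, but each app reads only its own.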


