[horizon][dev] Multiple Login Sessions Enhancement Proposal
Hi, Based on a new feature request about Horizon's login session, we would like to know if you're open to considering the improvement described below. If that is the case, we can submit a spec and upstream that implementation when the feature is done. Currently, a specific user is able to create multiple login sessions in Horizon, allowing him to log in to Horizon from multiple browsers/devices at the same time. The proposal is to have a parameterized solution and have a configuration to control how Horizon's login sessions are handled, the configuration options would be as below: 1 - Default option, allow the user to create multiple login sessions - this is the current behavior; 2 - Block subsequent login attempts if the user already has an active session; 3 - Invalidate the active session (if there is one) when the user creates a new one. Option number 2 obligates the user to log out of the system before opening a new one, on the other hand, in option number 3, the Horizon application is in charge of invalidating any previous active session and keeping only the latest one. This solution targets only Horizon login sessions, not affecting other kinds of sessions (e.g.: CLI).
Hi Ricardo, you may want to consider checking out and contributing to the Skyline project [1]. A more modern approach at Web UI for OpenStack. It has, most likely, brighter future than Horizon. [1] https://opendev.org/skyline -yoctozepto On Fri, Sep 10, 2021 at 4:19 PM Soares Sarto, Ricardo <Ricardo.SoaresSarto@windriver.com> wrote:
Hi,
Based on a new feature request about Horizon's login session, we would like to know if you're open to considering the improvement described below. If that is the case, we can submit a spec and upstream that implementation when the feature is done.
Currently, a specific user is able to create multiple login sessions in Horizon, allowing him to log in to Horizon from multiple browsers/devices at the same time.
The proposal is to have a parameterized solution and have a configuration to control how Horizon's login sessions are handled, the configuration options would be as below:
1 - Default option, allow the user to create multiple login sessions - this is the current behavior;
2 - Block subsequent login attempts if the user already has an active session;
3 - Invalidate the active session (if there is one) when the user creates a new one.
Option number 2 obligates the user to log out of the system before opening a new one, on the other hand, in option number 3, the Horizon application is in charge of invalidating any previous active session and keeping only the latest one.
This solution targets only Horizon login sessions, not affecting other kinds of sessions (e.g.: CLI).
Hi Ricardo, Any contributions in horizon are most welcome.Feel free to reach me or other horizon team members on irc (#openstack-horizon) at OFTC n/w. for any related queries. Thanks & Regards, Vishal Manchanda On Fri, Sep 10, 2021 at 7:50 PM Soares Sarto, Ricardo < Ricardo.SoaresSarto@windriver.com> wrote:
Hi,
Based on a new feature request about Horizon's login session, we would like to know if you're open to considering the improvement described below. If that is the case, we can submit a spec and upstream that implementation when the feature is done.
Currently, a specific user is able to create multiple login sessions in Horizon, allowing him to log in to Horizon from multiple browsers/devices at the same time.
The proposal is to have a parameterized solution and have a configuration to control how Horizon's login sessions are handled, the configuration options would be as below:
1 - Default option, allow the user to create multiple login sessions - this is the current behavior;
2 - Block subsequent login attempts if the user already has an active session;
3 - Invalidate the active session (if there is one) when the user creates a new one.
Option number 2 obligates the user to log out of the system before opening a new one, on the other hand, in option number 3, the Horizon application is in charge of invalidating any previous active session and keeping only the latest one.
This solution targets only Horizon login sessions, not affecting other kinds of sessions (e.g.: CLI).
participants (3)
-
Radosław Piliszek
-
Soares Sarto, Ricardo
-
vishal manchanda