[Openstack] Timeout of Horizon web interface when idle
김기석 [KI SEOK KIM]
kskim at netmarble.com
Thu Nov 24 01:54:21 UTC 2016
Keyston token expiration is defined on source code below.
expiration = cfg.IntOpt(
The amount of time that a token should remain valid (in seconds). Drastically
reducing this value may break "long-running" operations that involve multiple
services to coordinate together, and will force users to authenticate with
keystone more frequently. Drastically increasing this value will increase load
on the `[token] driver`, as more tokens will be simultaneously valid. Keystone
tokens are also bearer tokens, so a shorter duration will also reduce the
potential security impact of a compromised token.
You could set keystone conf like this.
expiration = 60
From: Nasir Mahmood [mailto:nasir.mahmood at gmail.com]
Sent: Thursday, November 24, 2016 2:15 AM
To: Kevin Wilson
Subject: Re: [Openstack] Timeout of Horizon web interface when idle
Did you try to find this in keystone configs?
On Nov 23, 2016 9:14 PM, "Kevin Wilson" <wkevils at gmail.com<mailto:wkevils at gmail.com>> wrote:
Since the access to Horizon is kicked out after for sure less than 60
minutes, I assume indeed that it is likely a token which becomes
invalid before the session times out.
Now the real question is: is there a way to configure the time
interval by which a token becomes invalid?
On Wed, Nov 23, 2016 at 12:11 PM, Paul Browne <pfb29 at cam.ac.uk<mailto:pfb29 at cam.ac.uk>> wrote:
> On 23/11/16 05:10, Kevin Wilson wrote:
>> When there are periods of idle activity in the Horizon WebUI of
>> OpenStack, I am kicked off from it and redirected to the login
>> screen of it. It is usually occurs after several minutes of idle
>> activity, something like 10 or 15 minutes or more.
>> Is there a way to control this and make this interval longer ? or is
>> it not an OpenStack Horizon tunable setting and depends simply on
>> reset of the connection done by non OpenStack mechanism ?
> Hello Rami,
> I've seen in the docs that there is a Django Session Timeout setting for
> It says there the default is 3600 seconds (60 minutes), but I've often had a
> Horizon session time out before that. Perhaps because the token becomes
> invalid before the session times out?
> Kind regards,
> Paul Browne
>> Mailing list:
>> Post to : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
>> Unsubscribe :
> Paul Browne
> Research Computing Platforms
> University Information Services
> Roger Needham Building
> JJ Thompson Avenue
> University of Cambridge
> United Kingdom
> E-Mail: pfb29 at cam.ac.uk<mailto:pfb29 at cam.ac.uk>
> Tel: 0044-1223-46548
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openstack