Web session when using pyramid
CWSession entity type so that sessions can be
stored in the database, which allows running a CubicWeb instance
without having to set up a session storage (like redis or memcache).
However, for production systems, it is strongly advised to use such a storage solution for the sessions.
Session handling is done by pyramid (see the `pyramid's documentation on sessions`_ for more details).
For example, to set up a redis-based session storage, you need the `pyramid-session-redis`_ package. You must then configure pyramid to use this backend by editing the pyramid configuration file:
    [main]
    cubicweb.defaults = no # we do not want to load the default cw session handling

    cubicweb.auth.authtkt.session.secret = <secret1>
    cubicweb.auth.authtkt.persistent.secret = <secret2>
    cubicweb.auth.authtkt.session.secure = yes
    cubicweb.auth.authtkt.persistent.secure = yes

    redis.sessions.secret = <secret3>
    redis.sessions.prefix = <my-app>:
    redis.sessions.url = redis://localhost:6379/0

    cubicweb.pyramid.auth = yes
    pyramid.includes = pyramid_session_redis
If you want to be able to log in a CubicWeb application
served by pyramid on an unsecured stream (typically when
you start an instance in dev mode using a simple
cubicweb-ctl start -D -linfo myinstance), you
There are a number of secrets to configure in
should be different from each other, as explained in `Pyramid's
For the record, regarding session handling:
This secret is used to encrypt the session’s data ID (the data themselves are stored in the backend, database or redis) when using the integrated (CWSession based) session data storage.
This secret is used to encrypt the session’s data ID (the data themselves are stored in the backend, database or redis) when using redis as backend.
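As an added illustration (not part of the CubicWeb documentation or code), the following script checks a settings file like the one above for placeholder, short or reused secrets and for an explicitly disabled secure flag. The function name, the minimum length and the sample values are assumptions made for this example, and the file is read with Python's configparser.

```python
import configparser

# Setting names are the ones used in the configuration shown above.
SECRET_KEYS = (
    "cubicweb.auth.authtkt.session.secret",
    "cubicweb.auth.authtkt.persistent.secret",
    "redis.sessions.secret",
)
SECURE_KEYS = (
    "cubicweb.auth.authtkt.session.secure",
    "cubicweb.auth.authtkt.persistent.secure",
)
MIN_SECRET_LEN = 32  # assumption: local policy, not a CubicWeb or Pyramid rule
FALSE_VALUES = {"no", "false", "0", "off"}

def audit_session_settings(ini_text, section="main"):
    """Return a list of findings for the secrets and cookie flags in ini_text."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' may occur in secrets
    parser.read_string(ini_text)
    settings = dict(parser.items(section)) if parser.has_section(section) else {}
    findings, seen = [], {}
    for key in SECRET_KEYS:
        value = settings.get(key, "").strip()
        if not value:
            findings.append(f"{key}: missing")
        elif value.startswith("<") and value.endswith(">"):
            findings.append(f"{key}: documentation placeholder left in place")
        elif len(value) < MIN_SECRET_LEN:
            findings.append(f"{key}: shorter than {MIN_SECRET_LEN} characters")
        if value and value in seen:
            findings.append(f"{key}: same value as {seen[value]}")
        seen.setdefault(value, key)
    for key in SECURE_KEYS:
        # Only an explicit opt-out is reported; no default is assumed here.
        if settings.get(key, "").strip().lower() in FALSE_VALUES:
            findings.append(f"{key}: cookie will also be sent over plain HTTP")
    return findings

# Constructed sample: one placeholder, one reused secret, one flag disabled.
SAMPLE_INI = """\
[main]
cubicweb.auth.authtkt.session.secret = <secret1>
cubicweb.auth.authtkt.persistent.secret = constructed-sample-0123456789abcdef-A
redis.sessions.secret = constructed-sample-0123456789abcdef-A
cubicweb.auth.authtkt.session.secure = no
cubicweb.auth.authtkt.persistent.secure = yes
"""

if __name__ == "__main__":
    print("\n".join(audit_session_settings(SAMPLE_INI)))
```

A check like this fits in a deployment pipeline, so that a configuration copied from the documentation with its placeholders, or with one secret pasted three times, is rejected before the instance starts.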
Activate the CubicWeb session factory.
It is automatically included by the configuration system, unless the following entry is added to the Pyramid Settings file:
cubicweb.pyramid.session = no
- cubicweb.pyramid.session.CWSessionFactory(secret, cookie_name='session', max_age=None, path='/', domain=None, secure=False, httponly=True, set_on_exception=True, timeout=1200, reissue_time=120, hashalg='sha512', salt='pyramid.session.', serializer=None)
A pyramid session factory that stores session data in the CubicWeb database.
Storage is done with the ‘CWSession’ entity, which is provided by the ‘pyramid’ cube.
Although it provides a sane default behavior, this session storage has a serious overhead because it uses RQL to access the database.
Using pure SQL would improve this a bit (it is roughly twice as fast), but it is still pretty slow and thus not an immediate priority.
It is recommended to use a faster session factory (pyramid_session_redis for example) if you need speed.