Files
@ 70e29dc91deb
Branch filter:
Location: kallithea/docs/usage/locking.rst - annotation
70e29dc91deb
1.3 KiB
text/prs.fallenstein.rst
ini file: clarify that beaker.session.key should be unique
When several instances of Kallithea are running on the same machine, the
same browser cannot be logged into both instances at the same time without
conflicts. The login session are saved into the same cookie; logging into
one instance closes the session on the second instance and vice-versa.
This is caused because the cookie name is simply 'kallithea', combined with
the fact that the cookie specification (RFC6265) states that there is no
isolation of cookies based on port. This means that the browser sends all
cookies from a given domain with all services (Kallithea instances) running
on that domain, irrespective of port.
The services thus need to handle any such issue themselves, for example by
using unique cookie names and only interacting with one's own cookie.
Making the key unique when creating the configuration file proved difficult:
- it does not seem possible to hook into 'paster make-config'
- since Beaker directly interprets the beaker.session.key, changing it on
the fly from SessionMiddleware will not work correctly.
There is a kallithea-config script that is an alternative to 'paster
make-config' which would be the ideal place to make such changes. However,
it seems this method is not advocated over 'paster make-config' (yet?).
Instead, simply add a comment in the config file and let the user take care
of it.
When several instances of Kallithea are running on the same machine, the
same browser cannot be logged into both instances at the same time without
conflicts. The login session are saved into the same cookie; logging into
one instance closes the session on the second instance and vice-versa.
This is caused because the cookie name is simply 'kallithea', combined with
the fact that the cookie specification (RFC6265) states that there is no
isolation of cookies based on port. This means that the browser sends all
cookies from a given domain with all services (Kallithea instances) running
on that domain, irrespective of port.
The services thus need to handle any such issue themselves, for example by
using unique cookie names and only interacting with one's own cookie.
Making the key unique when creating the configuration file proved difficult:
- it does not seem possible to hook into 'paster make-config'
- since Beaker directly interprets the beaker.session.key, changing it on
the fly from SessionMiddleware will not work correctly.
There is a kallithea-config script that is an alternative to 'paster
make-config' which would be the ideal place to make such changes. However,
it seems this method is not advocated over 'paster make-config' (yet?).
Instead, simply add a comment in the config file and let the user take care
of it.
aa17c7a1b8a5 aa17c7a1b8a5 aa17c7a1b8a5 e73a69cb98dc aa17c7a1b8a5 aa17c7a1b8a5 aa17c7a1b8a5 03bbd33bc084 03bbd33bc084 03bbd33bc084 03bbd33bc084 03bbd33bc084 03bbd33bc084 8b8edfc25856 aa17c7a1b8a5 aa17c7a1b8a5 aa17c7a1b8a5 aa17c7a1b8a5 8b8edfc25856 aa17c7a1b8a5 aa17c7a1b8a5 8b8edfc25856 aa17c7a1b8a5 aa17c7a1b8a5 8b8edfc25856 aa17c7a1b8a5 aa17c7a1b8a5 aa17c7a1b8a5 03bbd33bc084 8b8edfc25856 aa17c7a1b8a5 8b8edfc25856 aa17c7a1b8a5 03bbd33bc084 03bbd33bc084 aa17c7a1b8a5 03bbd33bc084 03bbd33bc084 | .. _locking:
===================================
Kallithea repository locking system
===================================
The scenario for repos with `locking function` enabled is that
every initial clone and every pull gives users (with write permission)
the exclusive right to do a push.
Each repo can be manually unlocked by admin from the repo settings menu.
| Repos with **locking function=disabled** is the default, that's how repos work
today.
| Repos with **locking function=enabled** behaves like follows:
Repos have a state called `locked` that can be true or false.
The hg/git commands `hg/git clone`, `hg/git pull`, and `hg/git push`
influence this state:
- The command `hg/git pull <repo>` will lock that repo (locked=true)
if the user has write/admin permissions on this repo
- The command `hg/git clone <repo>` will lock that repo (locked=true) if the
user has write/admin permissions on this repo
Kallithea will remember the user id who locked the repo so
only this specific user can unlock the repo (locked=false) by calling
- `hg/git push <repo>`
Every other command on that repo from this user and
every command from any other user will result in http return code 423 (locked).
Additionally, the http error includes the <user> that locked the repo
(e.g. “repository <repo> locked by user <user>”).
|