ephraimbuddy commented on a change in pull request #15295:
URL: https://github.com/apache/airflow/pull/15295#discussion_r612232404
##########
File path: airflow/www/security.py
##########
@@ -170,7 +190,11 @@ def __init__(self, appbuilder):
if not view or not getattr(view, 'datamodel', None):
continue
view.datamodel = CustomSQLAInterface(view.datamodel.obj)
+ app = self.appbuilder.get_app
self.perms = None
+ # Custom cookie session interface
+ # Override to implement your custom cookie session interface
+ app.session_interface = DefaultSessionInterface()
Review comment:
Hi James, I discussed with Ash about this and the plans I have for also
invalidating sessions.
I do not have strong opinion on this but having studied appbuider and that
we also use it, I believe it's not antipattern and security manager is a good
place to place security related components.
I would argue that what we did in airflow.www.extensions is actually an
antipattern following how appbuider is built and also other flask packages.
Ash advised everything session related should be in one place and I would
like if you can take more look at this.
I'll be working on session invalidation and I will be moving it to security
manager too if you do not object and have all session related components moved
too to the security manager.
We can schedule a session and discuss this if you want.
Thanks!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
