Keeping track of tokens

asked 2015-04-14 12:21:38 -0600

pentatonic

When building a UI or application that potentially performs actions across different projects or even domains, there is a concern about how to keep track of the various tokens that get generated.

For example, a user may initially get an unscoped token, then get 3 different project-scoped tokens from that token to perform various project-specific operations.

What is a good practice to be able to perform the appropriate housekeeping of these tokens? In the situation above, there are 4 tokens. In Horizon, for example, which one gets DELETED when doing a sign out? What happens to the others?

In particular, if PKI tokens are used, keeping those around may become problematic due to the size, if carried around through cookies.


1 answer


answered 2015-04-24 13:55:02 -0600

david-lyle

Currently, Horizon only maintains two tokens, an unscoped and the current project-scoped token. Although your user may have access to 3 projects, when you select the project scope via the project picker in the header, a scoped token for that project is obtained and the scoped token for the previous project is deleted [1].

When the user logs out, the current project-scoped token is deleted since that is the only scoped token maintained at that point.

As an additional note, in almost all cases, using a server-side session store is recommended. See: for more details.


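The bookkeeping described in the answer above, as an added example that is not part of the original answer and is not Horizon's code: a server-side session object that holds one unscoped and one project-scoped token, revokes the previous scoped token on a project switch, and revokes the current one at logout. `FakeKeystone`, `SessionTokens` and all token strings are hypothetical, constructed so the example runs offline.

```python
"""Server-side token bookkeeping: one unscoped + one project-scoped token."""

class FakeKeystone:
    """Constructed stand-in for the identity service (assumption, runs offline)."""
    def __init__(self):
        self.live = set()   # tokens the service still accepts
        self._n = 0

    def issue(self, parent, project):
        # A real client would exchange `parent` for a token scoped to `project`.
        self._n += 1
        tok = f"tok-{project}-{self._n}"
        self.live.add(tok)
        return tok

    def revoke(self, token):
        # With Keystone v3 this is DELETE /v3/auth/tokens (X-Subject-Token header).
        self.live.discard(token)


class SessionTokens:
    """Lives in the server-side session store; only a session id goes in the cookie."""
    def __init__(self, backend, unscoped):
        self.backend = backend
        self.unscoped = unscoped
        self.project = None
        self.scoped = None

    def switch_project(self, project):
        if project == self.project:
            return self.scoped          # already scoped here, nothing to issue
        new = self.backend.issue(self.unscoped, project)  # obtain new token first
        old, self.scoped, self.project = self.scoped, new, project
        if old is not None:
            self.backend.revoke(old)    # previous project's token is deleted
        return new

    def logout(self):
        # Following the answer, only the scoped token is revoked at logout;
        # the unscoped token is merely dropped from the session here.
        if self.scoped is not None:
            self.backend.revoke(self.scoped)
        self.unscoped = self.project = self.scoped = None


def demo():
    ks = FakeKeystone()
    ks.live.add("tok-unscoped")         # constructed sample value
    s = SessionTokens(ks, "tok-unscoped")
    for p in ("alpha", "beta", "gamma"):
        s.switch_project(p)
    during = set(ks.live)
    s.logout()
    return during, set(ks.live)
```

After three project switches the service still accepts only two tokens, and the cookie never has to carry a PKI-sized token because the state is kept server-side.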

Seen: 181 times

Last updated: Apr 24 '15