Superset : UserWarning: The 'session' cookie is too large

[haripriyacv]

With Apache Superset version 3 and up, I am facing issues with session cookies. Authentication is configured through keycloak. I am facing the following error for a few users.

superset[8715]: /apps/venv/lib64/python3.9/site-packages/werkzeug/sansio/response.py:261: UserWarning: The 'session' cookie is too large: the value was 4059 bytes but the header required 40 extra bytes. The final size was 4099 bytes but the limit is 4093 bytes. Browsers may silently ignore cookies larger than this.

My session configuration in config.py is as below:

SESSION_COOKIE_HTTPONLY = True  # Prevent cookie from being read by frontend JS?
SESSION_COOKIE_SECURE = False  # Prevent cookie from being transmitted over non-tls?
SESSION_COOKIE_SAMESITE: Literal["None", "Lax", "Strict"] | None = "Lax"
# Whether to use server side sessions from flask-session or Flask secure cookies
SESSION_SERVER_SIDE = False

Never faced this issue with version 2. Please help urgently.

[dosubot[bot]]

To resolve the 'session' cookie size issue in Apache Superset version 3 when using Keycloak for authentication, you can switch to server-side sessions. This can be done by configuring the session to use a backend like Redis. Here is how you can modify the config.py to use Redis for server-side sessions:

# Whether to use server side sessions from flask-session or Flask secure cookies
SESSION_SERVER_SIDE = True

# Example config using Redis as the backend for server side sessions
from flask_session import RedisSessionInterface

SESSION_TYPE = "redis"
SESSION_REDIS = Redis(host="localhost", port=6379, db=0)

This configuration will store session data on the server side, reducing the size of the session cookie sent to the client ^[1].

To continue talking to Dosu, mention @dosu.

[haripriyacv]

I have made the suggested change and now I am getting below error and superset won't start

Traceback (most recent call last):
File "/apps/venv/bin/superset", line 5, in
from superset.cli.main import superset
File "/apps/venv/lib64/python3.9/site-packages/superset/cli/main.py", line 28, in
from superset.cli.lib import normalize_token
File "/apps/venv/lib64/python3.9/site-packages/superset/cli/lib.py", line 20, in
from superset import config
File "/apps/venv/lib64/python3.9/site-packages/superset/config.py", line 1480, in
from flask_session import RedisSessionInterface
ImportError: cannot import name 'RedisSessionInterface' from 'flask_session' (/apps/venv/lib64/python3.9/site-packages/flask_session/init.py)

[dosubot[bot]]

To resolve the ImportError: cannot import name 'RedisSessionInterface' from 'flask_session', you should use the correct import statement for the RedisSessionInterface. The correct import statement is:

from flask_session.sessions import RedisSessionInterface

Here is the updated configuration for your config.py:

from flask_session.sessions import RedisSessionInterface
from redis import Redis

SESSION_SERVER_SIDE = True
SESSION_TYPE = "redis"
SESSION_REDIS = Redis(host="localhost", port=6379, db=0)

Make sure to replace the incorrect import statement with the correct one in your configuration file ^[1].

To continue talking to Dosu, mention @dosu.

[haripriyacv]

Traceback (most recent call last):
File "/apps/venv/bin/superset", line 5, in
from superset.cli.main import superset
File "/apps/venv/lib64/python3.9/site-packages/superset/cli/main.py", line 28, in
from superset.cli.lib import normalize_token
File "/apps/venv/lib64/python3.9/site-packages/superset/cli/lib.py", line 20, in
from superset import config
File "/apps/venv/lib64/python3.9/site-packages/superset/config.py", line 1481, in
from flask_session.sessions import RedisSessionInterface
ModuleNotFoundError: No module named 'flask_session.sessions'

[dosubot[bot]]

To resolve the ModuleNotFoundError: No module named 'flask_session.sessions' error, you need to ensure that the Flask-Session package is installed. You can install it using pip:

pip install Flask-Session

Additionally, make sure you are using the correct version of Flask-Session. According to the requirements for Apache Superset, the required version is:

flask-session==0.8.0

You can specify this version when installing:

pip install Flask-Session==0.8.0

After ensuring the correct version is installed, your config.py should include the following configuration:

from flask_session import Session
from redis import Redis

SESSION_SERVER_SIDE = True
SESSION_TYPE = "redis"
SESSION_REDIS = Redis(host="localhost", port=6379, db=0)

In the Superset initialization code, the Session class from flask_session is used to configure the session if SESSION_SERVER_SIDE is enabled:

from flask_session import Session

class SupersetAppInitializer:
    # Other methods and initializations

    def configure_session(self) -> None:
        if self.config["SESSION_SERVER_SIDE"]:
            Session(self.superset_app)

These steps should resolve the ModuleNotFoundError by ensuring that the Flask-Session module is available and properly configured ^[1][2][3].

To continue talking to Dosu, mention @dosu.

[haripriyacv]

Thank you. This is now fixed for both Superset version 3 and 4. The steps followed are below:

1. activate virtual environment in which you have superset installed.
2. pip install flask-session redis
3. vi ./venv/lib/python3.9/site-packages/superset/config.py
Edit the following:
====
SESSION_COOKIE_HTTPONLY = True  # Prevent cookie from being read by frontend JS?
SESSION_COOKIE_SECURE = False  # Prevent cookie from being transmitted over non-tls?
SESSION_COOKIE_SAMESITE: Literal["None", "Lax", "Strict"] | None = "Lax"
# Whether to use server side sessions from flask-session or Flask secure cookies
SESSION_SERVER_SIDE = True
# Example config using Redis as the backend for server side sessions
# from flask_session import RedisSessionInterface
from flask_session import Session
from redis import Redis
#
# SESSION_SERVER_SIDE = True
# SESSION_USE_SIGNER = True
SESSION_TYPE = "redis"
SESSION_REDIS = Redis(host="localhost", port=6379, db=0)
====
4. superset init
5. Install redis:
sudo dnf module list | grep redis
sudo dnf module install redis     (install 6 or above)
 sudo systemctl enable redis.service 
sudo systemctl start redis.service 

6. sudo systemctl restart superset.service