logout/ session timeout redirects to incorrect URL

Bug #1247302 reported by Bruce Martins
This bug affects 4 people
Affects: OpenStack Dashboard (Horizon)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

OpenStack Havana release

When a session timeout happens, the URL redirection points to /auth/logout/?next=/horizon/

instead it should be /horizon/auth/logout/?next=/horizon/

which results in a 404

Floren (florenllanos) wrote :

Hi Bruce,

Your problem is with Ubuntu. Maybe this is a duplicate bug; see bug number 1243187.

Bruce Martins (bmartins) wrote :

It would seem to be the same as that, yes. The one part where this could be a security-related issue is that, since the session timeout auto logout fails, if you change the URI to /horizon/ you are still logged in and can access.

I would say that could fall into the category of improper session invalidation.

Floren (florenllanos) wrote :

Hello Bruce,

I understand that you are talking about two issues (maybe related or not). The first one is the failed redirect that is replicated by bug 1243187, and the other one is that session timeout auto logout fails: "if you change the uri to /horizon/ you are still logged in and can access".

I think that you should close this ticket because it's a duplicate of 1243187 and open a new one with what you tell us about improper session invalidation.

Best regards.

Matthias Runge (mrunge) wrote :

I assume both issues are connected, since the redirect to the logout URL will fail for the same reason.

You could see if the following patch in settings.py will help you:
SITE_BRANDING = 'OpenStack Dashboard'

+WEBROOT = '/horizon'
+LOGIN_URL = WEBROOT + '/auth/login/'
+LOGOUT_URL = WEBROOT + '/auth/logout/'
+# LOGIN_REDIRECT_URL can be used as an alternative for
+# HORIZON_CONFIG.user_home, if user_home is not set.
+# Do not set it to '/home/', as this will cause circular redirect loop
+LOGIN_REDIRECT_URL = WEBROOT

MEDIA_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'media'))
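
Review bot: WEBROOT is defined without a trailing slash, so LOGIN_REDIRECT_URL = WEBROOT yields '/horizon' while the report's expected redirect uses next=/horizon/; consider LOGIN_REDIRECT_URL = WEBROOT + '/' so both forms agree. The prefix is also hard-coded, so a comment above WEBROOT stating that it must match the path under which the web server serves the dashboard would help packagers who use a different alias. Nothing in these lines touches server-side session expiry, so the "still logged in" observation from the thread should be retested separately once the redirect works.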

For Fedora and EPEL packages, we're using this approach, and it just works.
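
A deployment check for the prefix mismatch discussed in this thread, as an added example that is not part of the original comments or of Horizon's code. The function names, the `/horizon` mount prefix argument and the `BEFORE` settings (constructed to reproduce the URL from the report) are assumptions; `PATCHED` mirrors the values in the patch above.

```python
import posixpath
from urllib.parse import urlencode, urlsplit

AUTH_KEYS = ("LOGIN_URL", "LOGOUT_URL", "LOGIN_REDIRECT_URL")

def under_prefix(url, prefix):
    """True if the URL path is the mount prefix or lies below it.

    Paths are normalised first, so '/horizon/../auth/' is treated as
    '/auth', and the match is per path segment, so '/horizonx' does not
    count as being under '/horizon'.
    """
    path = posixpath.normpath(urlsplit(url).path or "/")
    prefix = posixpath.normpath(prefix)
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")

def check_auth_urls(settings, mount_prefix):
    """Return (key, value) pairs whose path falls outside mount_prefix."""
    return [(key, settings[key]) for key in AUTH_KEYS
            if key in settings and not under_prefix(settings[key], mount_prefix)]

def timeout_redirect(settings, next_url):
    """URL the browser is sent to when the session times out."""
    return settings["LOGOUT_URL"] + "?" + urlencode({"next": next_url}, safe="/")

# Constructed sample: settings that produce the redirect from the report.
BEFORE = {"LOGIN_URL": "/auth/login/", "LOGOUT_URL": "/auth/logout/"}

# Values taken from the settings.py patch in the comment above.
WEBROOT = "/horizon"
PATCHED = {
    "LOGIN_URL": WEBROOT + "/auth/login/",
    "LOGOUT_URL": WEBROOT + "/auth/logout/",
    "LOGIN_REDIRECT_URL": WEBROOT,
}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("patched", PATCHED)):
        print(name, timeout_redirect(cfg, "/horizon/"),
              check_auth_urls(cfg, "/horizon") or "ok")
```

Running such a check at deploy time catches the 404 on the logout URL before a user hits it; it does not replace testing that an expired session is rejected on the server when /horizon/ is requested directly.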
