Comment 10 for bug 1822751

The Django settings mentioned in #3 seem to be related to the cookies managed by Django session. Horizon is managing some by is own [0].

We could probably start a discussion with horizon to fix that but at least we can add in charm another layer of security. The review [1] may be a good start.

[0] https://github.com/openstack/horizon/blob/master/openstack_auth/views.py
[1] https://review.opendev.org/#/c/649274/