From 73a444fc1d7d7dded8527483dceaffe01524bc5f Mon Sep 17 00:00:00 2001
From: Tihomir Trifonov
Date: Thu, 27 Nov 2014 09:15:56 +0000
Subject: [PATCH] Horizon login page contains DOS attack mechanism

Fixes session cleanup not to create new session after unsuccessful login.

Partial-Bug: #1394370
---
 openstack_auth/forms.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py
index 2c8092c..506af45 100644
--- a/openstack_auth/forms.py
+++ b/openstack_auth/forms.py
@@ -98,7 +98,7 @@ class Login(django_auth_forms.AuthenticationForm):
 msg = 'Login failed for user "%(username)s".' % \
 {'username': username}
 LOG.warning(msg)
- self.request.session.flush()
+ self.request.session.delete()
 raise forms.ValidationError(exc)
 if hasattr(self, 'check_for_test_cookie'): # Dropped in django 1.7
 self.check_for_test_cookie()
-- 
1.9.1
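Review bot: The new `self.request.session.delete()` call in the failed-login branch has no comment explaining why `flush()` must not be used here, so a later cleanup could restore it and reopen the session-store growth tracked in bug #1394370. I would add above it `# delete() rather than flush(): flush() allocates a new session, so every failed login would add a record to the session backend`. As far as I know, `delete()` removes the stored record but leaves the in-memory session data and its modified flag alone, so if anything else in the request writes to the session the middleware may still save a new record on the response; that is worth confirming, given the commit is marked Partial-Bug. The patch touches only `forms.py`, and a regression test asserting that repeated failed logins do not increase the number of stored sessions would pin the behaviour. The enclosing method of `Login` begins and ends outside this hunk.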