From c569bb8527f3f799159185a0b1db3be17409d6f6 Mon Sep 17 00:00:00 2001
From: Tihomir Trifonov <t.trifonov@gmail.com>
Date: Thu, 27 Nov 2014 14:13:56 +0000
Subject: [PATCH] Horizon login page contains DOS attack mechanism

Fixes session cleanup not to create new session
after unsuccessful login.

Partial-Bug: #1394370
---
 openstack_auth/forms.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py
index 2c8092c..8c1fcee 100644
--- a/openstack_auth/forms.py
+++ b/openstack_auth/forms.py
@@ -98,7 +98,6 @@ class Login(django_auth_forms.AuthenticationForm):
             msg = 'Login failed for user "%(username)s".' % \
                 {'username': username}
             LOG.warning(msg)
-            self.request.session.flush()
             raise forms.ValidationError(exc)
         if hasattr(self, 'check_for_test_cookie'):  # Dropped in django 1.7
             self.check_for_test_cookie()
-- 
1.9.1