I would recommend just flat out deleting that session manipulation code there. The Django login code already will ensure that session keys are rotated on authentication boundaries without creating a new session on every page load so the clearing of the session doesn't really do much of anything there. Setting the test cookie I don't think will hurt anything but I don't think you need it either TBH.
I haven't read the entire ticket, however if this is your login view: https:/ /github. com/openstack/ horizon/ blob/master/ openstack_ dashboard/ views.py# L38-L48 then that's your problem right there. The request. session. clear() deletes the session and sets modified=True so it will create a new session.
I would recommend just flat out deleting that session manipulation code there. The Django login code already will ensure that session keys are rotated on authentication boundaries without creating a new session on every page load so the clearing of the session doesn't really do much of anything there. Setting the test cookie I don't think will hurt anything but I don't think you need it either TBH.