Comment 2 for bug 1764622

Mathieu Gagné (mgagne) wrote :

I managed to identify the issue.

The "request" attribute is not available [1] when the first request happens after a server restart. This means the whole authentication mechanism falls back to "AnonymousUser" and you are getting redirected to the login page due to horizon.exceptions.NotAuthenticated being raised. [2]

The "request" attribute is monkey patched by openstack_auth.utils. [3] But there is nowhere in Horizon where this module is imported at startup. It's only introspected by openstack_dashboard.urls due to the AUTHENTICATION_URLS setting. [4]

This means the monkey patching won't happen until a user requests a page under auth/, which will have the side effect of monkey patching django.contrib.auth.middleware as expected.

This also means that once a request is done, the session will be restored and you will be properly authenticated if you directly request a page other than auth/.

If you have multiple processes/workers, you will need to hit all of them once to fix the session issue and trigger the monkey patching for all of them.

[1] https://github.com/openstack/horizon/blob/a53f012fa1c0724ee4d532e782e6b2fe88ef8fa8/openstack_auth/backend.py#L66-L87
[2] https://github.com/openstack/horizon/blob/a53f012fa1c0724ee4d532e782e6b2fe88ef8fa8/horizon/decorators.py#L40-L54
[3] https://github.com/openstack/horizon/blob/a53f012fa1c0724ee4d532e782e6b2fe88ef8fa8/openstack_auth/utils.py#L63
[4] https://github.com/openstack/horizon/blob/a53f012fa1c0724ee4d532e782e6b2fe88ef8fa8/openstack_dashboard/urls.py#L52
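
A simplified model of the behaviour described in the comment above, added here as an example; it is not part of the original comment and is not Horizon or Django code. All class and function names are hypothetical stand-ins, and the eager import at startup is an assumed mitigation, not a fix confirmed by the bug report.

```python
# Simplified model of the import-order bug; every name here is a hypothetical
# stand-in, not Horizon or Django code.

class Backend:
    """Auth backend stand-in: can only restore a session if .request was set."""
    def get_user(self, user_id):
        if getattr(self, "request", None) is None or user_id is None:
            return "AnonymousUser"
        return "user:" + user_id

def unpatched_get_user(request, backend):
    # Stock behaviour: the backend never sees the request object.
    return backend.get_user(request["session"].get("user_id"))

def patched_get_user(request, backend):
    # Behaviour after the monkey patch: request is attached to the backend.
    backend.request = request
    return backend.get_user(request["session"].get("user_id"))

class Worker:
    """One server process; the patch state is per process."""
    def __init__(self, import_at_startup=False):
        self.get_user = unpatched_get_user
        if import_at_startup:          # assumed mitigation: import the patching module eagerly
            self._import_patching_module()

    def _import_patching_module(self):
        # Models the import side effect: importing the module applies the patch.
        self.get_user = patched_get_user

    def handle(self, path, session):
        if path.startswith("/auth/"):  # auth URLs are resolved lazily, pulling in the module
            self._import_patching_module()
        return self.get_user({"path": path, "session": session}, Backend())

def demo():
    session = {"user_id": "42"}        # constructed sample: a valid pre-restart session
    w1, w2 = Worker(), Worker()        # two freshly restarted workers
    results = [w1.handle("/project/", session)]      # before any auth/ hit
    w1.handle("/auth/login/", session)               # triggers the patch on w1 only
    results.append(w1.handle("/project/", session))  # w1 now restores the session
    results.append(w2.handle("/project/", session))  # w2 is still unpatched
    results.append(Worker(import_at_startup=True).handle("/project/", session))
    return results

if __name__ == "__main__":
    print(demo())
```

The second worker staying anonymous after the first has recovered is the per-process effect the comment describes: a load balancer spreading requests across workers makes the symptom look intermittent.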