If Horizon (Django) redirects to http://hacked_site after login, it would just perform a simple redirect [1] to the hacked site. Horizon stores the session information of the logged-in user in the cookie, but the cookie will be scoped to the domain of Horizon. So the bad site it redirected to will not be able to access any of the session information.
[1] https://github.com/django/django/blob/master/django/contrib/auth/views.py#L47-L53
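The cookie scoping described in the comment above can be checked offline. This is an added example, not part of the original comment or of Horizon's code. It uses Python's standard `http.cookiejar` as a stand-in for a browser and also contrasts a host-only cookie with one widened by a `Domain` attribute (what Django's `SESSION_COOKIE_DOMAIN` setting emits). The hostnames, the `/login/` path and the cookie value are constructed.

```python
import email.message
import urllib.request
from http.cookiejar import CookieJar, DefaultCookiePolicy

# Constructed hosts; none of these names come from the original comment.
HORIZON = "https://horizon.example.test"
SIBLING = "https://other.example.test"
REDIRECT_TARGET = "https://hacked-site.example.net"

# Constructed Set-Cookie headers: host-only, and widened with Domain=.
HOST_ONLY = "sessionid=constructed-session-value; Path=/; HttpOnly"
WIDE = HOST_ONLY + "; Domain=example.test"


class FakeResponse:
    """Minimal response object exposing the info() method CookieJar reads."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def cookie_sent_to(set_cookie, target_url):
    """Receive set_cookie from HORIZON's login response, then return the
    Cookie header a client would attach to a request for target_url."""
    # Return host-only cookies to the exact issuing host only, as browsers do.
    policy = DefaultCookiePolicy(
        strict_ns_domain=DefaultCookiePolicy.DomainStrictNonDomain)
    jar = CookieJar(policy)
    login = urllib.request.Request(HORIZON + "/login/")
    jar.extract_cookies(FakeResponse(set_cookie), login)
    follow_up = urllib.request.Request(target_url + "/")
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")  # None when nothing is attached


if __name__ == "__main__":
    for label, header in (("host-only", HOST_ONLY), ("Domain=", WIDE)):
        for url in (HORIZON, SIBLING, REDIRECT_TARGET):
            print(f"{label:10} {url:34} {cookie_sent_to(header, url)}")
```

In both configurations the redirect target on a different domain receives no cookie; only the `Domain=` variant is returned to a sibling host under the same parent domain.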