Comment 21 for bug 1398893

Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix merged to openstack/horizon (openstack-ci/fuel-5.1.1-updates/2014.1.1)

Reviewed: https://review.fuel-infra.org/9341
Submitter: mos-infra-ci <>
Branch: openstack-ci/fuel-5.1.1-updates/2014.1.1

Commit: 818be36550701873b3882ebf687593cac911aeff
Author: Alexey Khivin <email address hidden>
Date: Tue Jul 14 16:37:48 2015

Horizon login page contains DOS attack mechanism

The horizon login page (really the middleware) accesses the session
too early in the login process, which will create session records
in the session backend. This is especially problematic when non-cookie
backends are used.

After speaking with Eric Peterson in IRC private we agreed that line
`response.delete_cookie('logout_reason')` in
openstack_dashboard/views.py is not related to the sessions issue (and
was just a clean-up).

Change-Id: I0aeb98da8e9a21262f4a602a5ddae4a4315100e7
Closes-Bug: #1398893
Closes-Bug: #1399271
(cherry picked from commit ec33d56d4fd93cc8fda4b7ef4ae259de4806f5f3)