the horizon login page (really the middleware) accesses the session
too early in the login process, which will create session records
in the session backend. This is especially problematic when non-cookie
backends are used.
After speaking with Eric Peterson in IRC private we agreed that line
`response.delete_cookie('logout_reason')` in
openstack_dashboard/views.py is not related to the sessions issue (and
was just a clean-up).
Reviewed: https:/ /review. fuel-infra. org/9341 ci/fuel- 5.1.1-updates/ 2014.1. 1
Submitter: mos-infra-ci <>
Branch: openstack-
Commit: 818be3655070187 3b3882ebf687593 cac911aeff
Author: Alexey Khivin <email address hidden>
Date: Tue Jul 14 16:37:48 2015
Horizon login page contains DOS attack mechanism
the horizon login page (really the middleware) accesses the session
too early in the login process, which will create session records
in the session backend. This is especially problematic when non-cookie
backends are used.
After speaking with Eric Peterson in IRC private we agreed that line delete_ cookie( 'logout_ reason' )` in dashboard/ views.py is not related to the sessions issue (and
`response.
openstack_
was just a clean-up).
Change-Id: I0aeb98da8e9a21 262f4a602a5ddae 4a4315100e7 8fda4b7ef4ae259 de4806f5f3)
Closes-Bug: #1398893
Closes-Bug: #1399271
(cherry picked from commit ec33d56d4fd93cc