Comment 20 for bug 1394370

Eric Peterson (ericpeterson-l) wrote : Re: horizon login page is vulnerable to DOS attack

@Tristan - I am a bit cautious to say that the SessionStore.load() method should be monkey patched. The concerning part is that the session store can be customized during deployment. Historically signed cookies have been used a lot, which do not suffer from this problem. In addition, I am not confident how many session stores have this issue or not. Finally, I think this issue is not new to Django, and they seem to have this behavior deliberately. It could be that changing this behavior could cause an even worse side effect (but honestly I do not know).

I think the patch thus far at least makes it so a simple curl script for the login page will not overwhelm the db. This is a good first step.

What Tihomir and I discussed via IRC was that we could probably make changes to the django-openstack-auth repo that would further improve things and reduce the likelihood of creating new sessions. Those changes are not complete at this point and will require some more work.
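As an added illustration of the behaviour discussed in this comment (a constructed model, not Horizon's, Django's or django-openstack-auth's actual code): a store that writes a server-side row on every anonymous request grows with each hit, a signed-cookie store keeps no server-side state at all, and deferring persistence until a successful login removes the growth for a database-backed store as well.

```python
import hashlib
import hmac
import json
import secrets

SECRET_KEY = b"constructed-demo-key"  # placeholder for the deployment's signing key


class DbSessionStore:
    """Models a database-backed session store: every save() inserts a new row."""

    def __init__(self):
        self.rows = {}  # constructed stand-in for the session table

    def save(self, data):
        key = secrets.token_hex(16)
        self.rows[key] = dict(data)
        return key

    def load(self, key):
        return dict(self.rows.get(key, {}))

    def server_side_count(self):
        return len(self.rows)


class SignedCookieSessionStore:
    """Models a signed-cookie store: state lives in the client's cookie, nothing server-side."""

    def save(self, data):
        payload = json.dumps(data, sort_keys=True).encode()
        sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
        return payload.hex() + "." + sig

    def load(self, cookie):
        try:
            payload_hex, sig = cookie.split(".", 1)
            payload = bytes.fromhex(payload_hex)
        except ValueError:
            return {}  # malformed cookie: treat as an empty session
        expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()
        return json.loads(payload) if hmac.compare_digest(sig, expected) else {}

    def server_side_count(self):
        return 0


def serve_anonymous_gets(store, n, persist_on_get=True):
    """Simulate n unauthenticated GETs of a login page and return the number of
    sessions now held server-side. With persist_on_get, each request saves a
    fresh session (eager store); otherwise nothing is written until login."""
    for _ in range(n):
        if persist_on_get:
            store.save({"anonymous": True})
    return store.server_side_count()
```
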