Comment 33 for bug 1394370

Revision history for this message
Donald Stufft (dstufft) wrote : Re: horizon login page is vulnerable to DOS attack

Blugh. That should probably be changed in Django. There's no reason to create a session until one is being saved.

The session.clear() should still be dropped because even if the fixes land in Django then that will still cause a session to be created on each page load.