Horizon login page contains DOS attack mechanism

the horizon login page (and middleware) accesses the session too early in the login process, which will create session records in the session backend. This is especially problematic when non-cookie backends are used. Co-Authored-By: Tihomir Trifonov <t.trifonov@gmail.com> Co-Authored-By: Eric Peterson <eric.peterson1@twcable.com> Change-Id: I9a4999eb5f053515575ef09b8ba9d3bb3f114e5c Closes-Bug: 1394370
openstack-archive · Dec 8, 2014 · e676c88 · e676c88
1 parent 7c5f759
commit e676c88
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py
@@ -98,7 +98,6 @@ def clean(self):
             msg = 'Login failed for user "%(username)s".' % \
                 {'username': username}
             LOG.warning(msg)
-            self.request.session.flush()
             raise forms.ValidationError(exc)
         if hasattr(self, 'check_for_test_cookie'):  # Dropped in django 1.7
             self.check_for_test_cookie()