author | eric <eric.peterson1@twcable.com> | 2014-12-08 16:38:26 -0700 |
---|---|---|
committer | eric <eric.peterson1@twcable.com> | 2014-12-08 16:43:49 -0700 |
commit | e676c88a329af57d6c4f13df54f6e1e06c1f8360 (patch) | |
tree | b0fd5e0951d00b3c7dd2ccc35f8abc04badea40f | |
parent | 7c5f759473960ddccf81cc426587e3ff43810f5b (diff) | |
download | django_openstack_auth-e676c88a329af57d6c4f13df54f6e1e06c1f8360.tar.gz |
Horizon login page contains DOS attack mechanism 1.1.8
The Horizon login page (and middleware) accesses the session
too early in the login process, which will create session records
in the session backend. This is especially problematic when non-cookie
backends are used.
Co-Authored-By: Tihomir Trifonov <t.trifonov@gmail.com>
Co-Authored-By: Eric Peterson <eric.peterson1@twcable.com>
Change-Id: I9a4999eb5f053515575ef09b8ba9d3bb3f114e5c
Closes-Bug: 1394370
-rw-r--r-- | openstack_auth/forms.py | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/openstack_auth/forms.py b/openstack_auth/forms.py index 2c8092c..8c1fcee 100644 --- a/openstack_auth/forms.py +++ b/openstack_auth/forms.py @@ -98,7 +98,6 @@ class Login(django_auth_forms.AuthenticationForm): msg = 'Login failed for user "%(username)s".' % \ {'username': username} LOG.warning(msg) - self.request.session.flush() raise forms.ValidationError(exc) if hasattr(self, 'check_for_test_cookie'): # Dropped in django 1.7 self.check_for_test_cookie() |
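Review bot: The commit message names both the login page and the middleware as touching the session too early, but the diffstat shows a single deletion in openstack_auth/forms.py, so the middleware access is not addressed by this patch; either say in the message where that part is handled or narrow the description to the form. On the removed line itself (the `self.request.session.flush()` that sat just before `raise forms.ValidationError(exc)` in class Login), note that the call also cleared any data already in the session when the form was posted, so after this change a failed login attempt leaves a pre-existing session intact. Please confirm that is intended, for example when a user who is already logged in submits bad credentials. A short comment at this spot stating that the session must not be touched on the failure path, because doing so creates a record in non-cookie backends, would keep the call from being reintroduced. The patch adds no test; one asserting that a failed login leaves the session backend without a new record would cover the regression described in Closes-Bug: 1394370.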