Horizon login page contains DOS attack mechanism
The horizon login page (and middleware) accesses the session too early in the login process, which will create session records in the session backend. This is especially problematic when non-cookie backends are used.

Co-Authored-By: Tihomir Trifonov <t.trifonov@gmail.com>
Co-Authored-By: Eric Peterson <eric.peterson1@twcable.com>
Change-Id: I9a4999eb5f053515575ef09b8ba9d3bb3f114e5c
Closes-Bug: 1394370
parent 7c5f759473
commit e676c88a32
|
@ -98,7 +98,6 @@ class Login(django_auth_forms.AuthenticationForm):
|
|||
msg = 'Login failed for user "%(username)s".' % \
|
||||
{'username': username}
|
||||
LOG.warning(msg)
|
||||
self.request.session.flush()
|
||||
raise forms.ValidationError(exc)
|
||||
if hasattr(self, 'check_for_test_cookie'): # Dropped in django 1.7
|
||||
self.check_for_test_cookie()
|
||||
|
|
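Review bot: In the failed-login branch, the hunk header (-98,7 +98,6) shows one line dropped, and going by the commit message it looks to be `self.request.session.flush()`, though the +/- markers did not survive on this page; if so, please confirm that nothing earlier in the request has written to the session before `raise forms.ValidationError(exc)`, since without the flush any such data now outlives a failed login. The `check_for_test_cookie()` call kept just below is also worth a look: confirm it does not touch the session on the Django versions that still have it, or the fix is only partial on a non-cookie backend. A test asserting that a failed login leaves no new record in the session backend would lock the behaviour in.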