)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":35133,"name":"Jan Jasek","email":"jjasek@redhat.com","username":"janjasek"},"change_message_id":"7d441b70880771ed03a282d616d692d0d320a022","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"68f3e7bb_6afa30d5","updated":"2026-04-28 13:43:16.000000000","message":"Hi @openstack@dopieralski.pl, cookies are not my strong point and I do not have an SSO environment to test it properly but I have a few questions based on the code changes.\n\nWill it work properly when the Authentication is picked from the dropdown menu, and there is no ```WEBSSO_DEFAULT_REDIRECT``` set?\nI mean when we have ```WEBSSO_ENABLED, WEBSSO_CHOICES``` but not ```WEBSSO_DEFAULT_REDIRECT``` so it does not redirect you immediately when you try to load Horizon but you load Horizon Login page, pick SSO from dropdown menu, click Login and it (POST action URL) will point you to ```/auth/login/``` with ```auth_type``` and the “next” like /identity/’ is moved to form body.\nSo if there is only ```next_url \u003d request.GET.get(\u0027next\u0027)``` then in the case of POST, it is missed?\n\nBecause the normal login is completely the same process (only POST) and it works well, when I use ```http://xxx/dashboard/auth/login/?next\u003d/dashboard/project/instances/``` it points me properly after login, but I think that it is because of how Django works, but in cookies I can see ```login_redirect``` is ```None```, and for this specific ```POST``` I can see the address is ```http://xxx/dashboard/auth/login/``` and the \"next\" is already moved under \"Form data\" ```next: \"/dashboard/project/instances/\"```\n\nAm I wrong? Could you please simply clarify it for me? (if it is too complicated, just say I am wrong and I will study it deeper when I have time).\n\nAnd another thing I noticed is that the old code used ```session.pop()``` which removed the value. Now it leaves the cookie there? For 365 days? 
Which brings another point - do we want a 365 day expiry for a one-time required url? Can we set a shorter Max-Age?","commit_id":"6e0120cbd60749fd6e458f6c87824592344d1287"},{"author":{"_account_id":32432,"name":"Owen McGonagle","email":"omcgonag@redhat.com","username":"omcgonag"},"change_message_id":"1d5a1767eab8c00ce6021a523fd704f659699cd2","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"75245999_79712ad7","updated":"2026-04-28 21:28:04.000000000","message":"I ran a small test and verified I do not see a sessionID in the redirect response. I don\u0027t fully understand the details in Jan\u0027s comment - thus, can\u0027t give it a +1 right now.","commit_id":"6e0120cbd60749fd6e458f6c87824592344d1287"},{"author":{"_account_id":8648,"name":"Radomir Dopieralski","email":"openstack@dopieralski.pl","username":"thesheep"},"change_message_id":"78c31e64891164eb3978b97ed9570815b2d2ea8c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"983eefa1_6daf5f4a","in_reply_to":"68f3e7bb_6afa30d5","updated":"2026-04-29 13:01:01.000000000","message":"I was hoping to not have to delete the cookie, because it would be set to an empty value when there is no next in the url, but as you point out, the login form does a redirect to a url without next, and then we set the cookie to none prematurely.\n\nI now modified the code to only set the cookie when the method is GET, which should be basically just on initial display of the login form (or the automatic redirect to websso), and delete the cookie after it has been used.\n\nI\u0027m not sure what max-age is appropriate, because users could potentially spend a long time on the websso login page. 
I set it to one hour for now.\n\nI tested the creation of the cookie, and can see it\u0027s being set properly, but I don\u0027t have a functioning websso setup to test the actual redirect and deleting of the cookie.","commit_id":"6e0120cbd60749fd6e458f6c87824592344d1287"},{"author":{"_account_id":35133,"name":"Jan Jasek","email":"jjasek@redhat.com","username":"janjasek"},"change_message_id":"f3c816a1b521036861f54d0167b4f747e400131b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"26386496_0814ce30","updated":"2026-04-30 13:50:06.000000000","message":"I currently do not have an SSO environment so I can not verify it practically.\nBut current logic looks good to me, I can not see any obvious problem. Max-age one hour sounds reasonable to me.\nThanks Radomir!","commit_id":"ac250004a62b909f33b4a06b41123aa0e46244f0"},{"author":{"_account_id":6914,"name":"Tatiana Ovchinnikova","email":"t.v.ovtchinnikova@gmail.com","username":"tmazur"},"change_message_id":"25de2ba2e0ae2dbfc4a603df041246e2673d927c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"d98ecd47_f949b2b1","updated":"2026-04-30 14:54:09.000000000","message":"LGTM, thank you!","commit_id":"ac250004a62b909f33b4a06b41123aa0e46244f0"},{"author":{"_account_id":35133,"name":"Jan Jasek","email":"jjasek@redhat.com","username":"janjasek"},"change_message_id":"e961f4e7c9e5ae9a91850b5d325bdf36910accf3","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"9c5b3995_2ef1bb79","updated":"2026-04-30 08:26:13.000000000","message":"recheck, weird failure, pep8 works well for other patches in CI.","commit_id":"ac250004a62b909f33b4a06b41123aa0e46244f0"}]}
