diff --git a/horizon/middleware.py b/horizon/middleware.py
index a0d9c3d3da..885489e5c5 100644
--- a/horizon/middleware.py
+++ b/horizon/middleware.py
@@ -90,16 +90,18 @@ class HorizonMiddleware(object):
 request.horizon = {'dashboard': None,
 'panel': None,
 'async_messages': []}
+ if not hasattr(request, "user") or not request.user.is_authenticated():
+ # proceed no further if the current request is already known
+ # not to be authenticated
+ # it is CRITICAL to perform this check as early as possible
+ # to avoid creating too many sessions
+ return None
 # Check for session timeout if user is (or was) authenticated.
 has_timed_out, timestamp = self._check_has_timed_timeout(request)
 if has_timed_out:
 return self._logout(request, request.path, _("Session timed out."))
- if not hasattr(request, "user") or not request.user.is_authenticated():
- # proceed no further if the current request is already known
- # not to be authenticated
- return None
 if request.is_ajax():
 # if the request is Ajax we do not want to proceed, as clients can
 # 1) create pages with constant polling, which can create race
diff --git a/openstack_dashboard/views.py b/openstack_dashboard/views.py
index 4ce55ffdc0..0473279f59 100644
--- a/openstack_dashboard/views.py
+++ b/openstack_dashboard/views.py
@@ -41,8 +41,7 @@ def splash(request):
 response = shortcuts.redirect(horizon.get_user_home(request.user))
 else:
 form = forms.Login(request)
- request.session.clear()
- request.session.set_test_cookie()
 response = shortcuts.render(request, 'splash.html', {'form': form})
- response.delete_cookie('logout_reason')
+ if 'logout_reason' in request.COOKIES:
+ response.delete_cookie('logout_reason')
 return response
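Review bot: In `horizon/middleware.py`, the comment kept on the timeout block, `# Check for session timeout if user is (or was) authenticated.`, no longer matches the control flow. With the early `return None` now ahead of it, a request whose user is no longer authenticated never reaches `_check_has_timed_timeout`, so the "Session timed out." logout presumably fires only for still-authenticated users. If that is intended, reword the comment to `# Check for session timeout (authenticated requests only).` and have the new comment name the mechanism rather than only "CRITICAL", e.g. `# the timeout check below touches request.session, which would persist a session for every anonymous request` (assuming that is what the helper does; its body is not in this hunk). A regression test asserting that an anonymous request leaves `request.session` unmodified would keep this ordering from being silently undone. The enclosing method starts and ends outside the hunk.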
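Review bot: In `openstack_dashboard/views.py`, nothing in the `else` branch of `splash` records why the session calls were dropped, so a later cleanup could easily reintroduce them. A comment above `form = forms.Login(request)` such as `# Do not write to request.session for anonymous visitors: each write creates a stored session.` would pin the intent. With `request.session.clear()` gone, any data left in a pre-login session now survives until authentication, so confirm that the login path (not visible here) rotates or flushes the session when the user logs in. Likewise, any remaining caller of `request.session.test_cookie_worked()` will fail now that `set_test_cookie()` is no longer issued. `splash` begins outside the hunk.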