If both the keystone token and the session expired, the user was asked to login
twice. This is because the token expiration was not checked.
When a user had timed out both in session and keystone token validity, the user
was asked to log in, then the timestamp was checked, and the user logged out
again and asked to log in a second time.
We now check both the timestamp and keystone token validity before
authentication validity and force back the login page to retrieve a new
keystone token, avoiding the timeout race condition between session and token
validity which was forcing a dual login. A keystone token expiration is now
considered as a session timeout too.
Also, a page can start loading while the token is valid, and finish while it's
invalid. This was leading to errors during the page loading.
We now set a TOKEN_TIMEOUT_MARGIN period in seconds which allows defining
a margin before which we consider the token as expired.
This is a configurable parameter in the django settings because the time a page
takes to render is infra and deployment specific. This margin is preset to
ten seconds.
Requires: https://review.openstack.org/101556
Closes-Bug: 1308918
Change-Id: I0bf0d079a9dc000c1a30f0e20dcaa03b22d63e51