diff --git a/.zuul.d/project.yaml b/.zuul.d/project.yaml
index bd8d24dfebd..945d7a766e6 100644
--- a/.zuul.d/project.yaml
+++ b/.zuul.d/project.yaml
@@ -5,7 +5,6 @@
       - horizon-cross-jobs
       - horizon-nodejs14-jobs
       - horizon-non-primary-django-jobs
-      - openstack-lower-constraints-jobs
       - openstack-python3-yoga-jobs
       - periodic-stable-jobs
       - publish-openstack-docs-pti
diff --git a/lower-constraints.txt b/lower-constraints.txt
deleted file mode 100644
index 43eb5a3d369..00000000000
--- a/lower-constraints.txt
+++ /dev/null
@@ -1,155 +0,0 @@
-alabaster==0.7.10
-amqp==2.1.1
-appdirs==1.4.0
-asn1crypto==0.23.0
-Babel==2.6.0
-cachetools==2.0.0
-cffi==1.14.0
-chardet==3.0.4
-cliff==2.8.0
-cmd2==0.8.0
-colorama==0.3.9
-contextlib2==0.4.0
-coverage==4.0
-cryptography==3.0
-debtcollector==1.2.0
-decorator==4.4.2
-deprecation==1.0
-Django==3.2
-django-appconf==1.0.5
-django-compressor==2.4.1
-django-debreach==1.4.2
-django-pyscss==2.0.2
-docutils==0.11
-dogpile.cache==0.6.2
-dulwich==0.15.0
-enmerkar==0.7.1
-eventlet==0.18.2
-extras==1.0.0
-fasteners==0.7.0
-fixtures==3.0.0
-freezegun==0.3.15
-futurist==1.2.0
-greenlet==0.4.10
-idna==2.6
-imagesize==0.7.1
-iso8601==0.1.11
-Jinja2==2.10
-jmespath==0.9.0
-jsonpatch==1.16
-jsonpointer==1.13
-jsonschema==2.6.0
-keystoneauth1==4.3.1
-kombu==4.0.0
-linecache2==1.0.0
-MarkupSafe==1.0
-mccabe==0.6.0
-monotonic==0.6
-msgpack-python==0.4.0
-munch==2.1.0
-netaddr==0.7.18
-netifaces==0.10.4
-nodeenv==0.9.4
-openstacksdk==0.11.2
-os-client-config==1.28.0
-os-service-types==1.2.0
-osc-lib==1.8.0
-oslo.concurrency==4.5.0
-oslo.config==8.8.0
-oslo.context==4.1.0
-oslo.i18n==5.1.0
-oslo.log==4.7.0
-oslo.messaging==5.29.0
-oslo.middleware==3.31.0
-oslo.policy==3.11.0
-oslo.serialization==4.3.0
-oslo.service==1.24.0
-oslo.upgradecheck==1.5.0
-oslo.utils==4.12.0
-osprofiler==3.4.2
-Paste==2.0.2
-PasteDeploy==1.5.0
-pbr==5.5.0
-pep8==1.5.7
-pika==0.10.0
-pika-pool==0.1.3
-positional==1.2.1
-prettytable==0.7.2
-pycodestyle==2.5.0
-pycparser==2.18
-Pygments==2.2.0
-pyinotify==0.9.6
-pymongo==3.0.2
-pyOpenSSL==19.1.0
-pyparsing==2.1.0
-pyperclip==1.5.27
-pyScss==1.3.7
-pytest==5.3.5
-pytest-django==3.8.0
-pytest-html==2.0.1
-python-cinderclient==8.0.0
-python-dateutil==2.8.1
-python-glanceclient==2.8.0
-python-keystoneclient==3.22.0
-python-memcached==1.59
-python-mimeparse==1.6.0
-python-neutronclient==6.7.0
-python-novaclient==9.1.0
-python-swiftclient==3.2.0
-pytz==2013.6
-PyYAML==6.0
-rcssmin==1.0.6
-reno==3.1.0
-repoze.lru==0.7
-requests==2.25.1
-requestsexceptions==1.2.0
-restructuredtext-lint==1.1.1
-rfc3986==1.5.0
-rjsmin==1.1.0
-Routes==2.3.1
-selenium==2.50.1
-semantic-version==2.3.1
-simplejson==3.5.1
-six==1.16.0
-snowballstemmer==1.2.1
-statsd==3.2.1
-stevedore==3.3.0
-tenacity==3.2.1
-termcolor==1.1.0
-testscenarios==0.4
-testtools==2.2.0
-traceback2==1.4.0
-unittest2==1.1.0
-vine==1.1.4
-warlock==1.2.0
-WebOb==1.7.1
-wrapt==1.11
-XStatic==1.0.0
-XStatic-Angular==1.5.8.0
-XStatic-Angular-Bootstrap==2.2.0.0
-XStatic-Angular-FileUpload==12.0.4.0
-XStatic-Angular-Gettext==2.3.8.0
-XStatic-Angular-lrdragndrop==1.0.2.2
-XStatic-Angular-Schema-Form==0.8.13.0
-XStatic-Bootstrap-Datepicker==1.3.1.0
-XStatic-Bootstrap-SCSS==3.3.7.1
-XStatic-bootswatch==3.3.7.0
-XStatic-D3==3.5.17.0
-XStatic-Font-Awesome==4.7.0.0
-XStatic-Hogan==2.0.0.2
-XStatic-Jasmine==2.4.1.1
-XStatic-jQuery==1.12.4.1
-XStatic-JQuery-Migrate==1.2.1.1
-XStatic-jquery-ui==1.12.1.1
-XStatic-JQuery.quicksearch==2.0.3.1
-XStatic-JQuery.TableSorter==2.14.5.1
-XStatic-JSEncrypt==2.3.1.1
-XStatic-mdi==1.6.50.2
-XStatic-objectpath==1.2.1.0
-XStatic-Rickshaw==1.5.0.0
-XStatic-roboto-fontface==0.5.0.0
-XStatic-smart-table==1.4.13.2
-XStatic-Spin==1.2.5.2
-XStatic-term.js==0.0.7.0
-XStatic-tv4==1.2.7.0
-xvfbwrapper==0.1.3
diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py
index 29b3b55a5f9..a238ccced56 100644
--- a/openstack_auth/backend.py
+++ b/openstack_auth/backend.py
@@ -111,22 +111,27 @@ def authenticate(self, request, auth_url=None, **kwargs):
 
         plugin, unscoped_auth = self._get_auth_backend(auth_url, **kwargs)
 
+        client_ip = utils.get_client_ip(request)
+        session = utils.get_session(original_ip=client_ip)
+
         # the recent project id a user might have set in a cookie
         recent_project = None
         if request:
             # Grab recent_project found in the cookie, try to scope
             # to the last project used.
             recent_project = request.COOKIES.get('recent_project')
-        unscoped_auth_ref = plugin.get_access_info(unscoped_auth)
+        unscoped_auth_ref = plugin.get_access_info(unscoped_auth,
+                                                   session=session)
 
         # Check expiry for our unscoped auth ref.
         self._check_auth_expiry(unscoped_auth_ref)
 
         domain_name = kwargs.get('user_domain_name', None)
         domain_auth, domain_auth_ref = plugin.get_domain_scoped_auth(
-            unscoped_auth, unscoped_auth_ref, domain_name)
+            unscoped_auth, unscoped_auth_ref, domain_name, session=session)
         scoped_auth, scoped_auth_ref = plugin.get_project_scoped_auth(
-            unscoped_auth, unscoped_auth_ref, recent_project=recent_project)
+            unscoped_auth, unscoped_auth_ref, recent_project=recent_project,
+            session=session)
 
         # Abort if there are no projects for this user and a valid domain
         # token has not been obtained
@@ -207,7 +212,6 @@ def authenticate(self, request, auth_url=None, **kwargs):
             request.session.set_expiry(session_time)
 
             keystone_client_class = utils.get_keystone_client().Client
-            session = utils.get_session()
             scoped_client = keystone_client_class(session=session,
                                                   auth=scoped_auth)
 
diff --git a/openstack_auth/plugin/base.py b/openstack_auth/plugin/base.py
index 28f90377d68..00ffe020abb 100644
--- a/openstack_auth/plugin/base.py
+++ b/openstack_auth/plugin/base.py
@@ -99,17 +99,19 @@ def list_domains(self, session, auth_plugin, auth_ref=None):
             msg = _('Unable to retrieve authorized domains.')
             raise exceptions.KeystoneRetrieveDomainsException(msg)
 
-    def get_access_info(self, keystone_auth):
+    def get_access_info(self, keystone_auth, session=None):
         """Get the access info from an unscoped auth
 
         This function provides the base functionality that the
         plugins will use to authenticate and get the access info object.
 
         :param keystone_auth: keystoneauth1 identity plugin
+        :param session: keystoneauth1 session to use otherwise gets one
         :raises: exceptions.KeystoneAuthException on auth failure
         :returns: keystoneclient.access.AccessInfo
         """
-        session = utils.get_session()
+        if session is None:
+            session = utils.get_session()
 
         try:
             unscoped_auth_ref = keystone_auth.get_access(session)
@@ -140,7 +142,7 @@ def get_access_info(self, keystone_auth):
         return unscoped_auth_ref
 
     def get_project_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
-                                recent_project=None):
+                                recent_project=None, session=None):
         """Get the project scoped keystone auth and access info
 
         This function returns a project scoped keystone token plugin
@@ -149,10 +151,13 @@ def get_project_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
         :param unscoped_auth: keystone auth plugin
         :param unscoped_auth_ref: keystoneclient.access.AccessInfo` or None.
         :param recent_project: project that we should try to scope to
+        :param session: keystoneauth1 session to use otherwise gets one
         :return: keystone token auth plugin, AccessInfo object
         """
+        if session is None:
+            session = utils.get_session()
+
         auth_url = unscoped_auth.auth_url
-        session = utils.get_session()
 
         projects = self.list_projects(
             session, unscoped_auth, unscoped_auth_ref)
@@ -187,7 +192,7 @@ def get_project_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
         return scoped_auth, scoped_auth_ref
 
     def get_domain_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
-                               domain_name=None):
+                               domain_name=None, session=None):
         """Get the domain scoped keystone auth and access info
 
         This function returns a domain scoped keystone token plugin
@@ -196,9 +201,12 @@ def get_domain_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
         :param unscoped_auth: keystone auth plugin
         :param unscoped_auth_ref: keystoneclient.access.AccessInfo` or None.
         :param domain_name: domain that we should try to scope to
+        :param session: keystoneauth1 session to use otherwise gets one
         :return: keystone token auth plugin, AccessInfo object
         """
-        session = utils.get_session()
+        if session is None:
+            session = utils.get_session()
+
         auth_url = unscoped_auth.auth_url
 
         if domain_name:
@@ -235,7 +243,7 @@ def get_domain_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
         return domain_auth, domain_auth_ref
 
     def get_system_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
-                               system_scope):
+                               system_scope, session=None):
         """Get the system scoped keystone auth and access info
 
         This function returns a system scoped keystone token plugin
@@ -244,9 +252,12 @@ def get_system_scoped_auth(self, unscoped_auth, unscoped_auth_ref,
         :param unscoped_auth: keystone auth plugin
         :param unscoped_auth_ref: keystoneclient.access.AccessInfo` or None.
         :param system_scope: system that we should try to scope to
+        :param session: keystoneauth1 session to use otherwise gets one
         :return: keystone token auth plugin, AccessInfo object
         """
-        session = utils.get_session()
+        if session is None:
+            session = utils.get_session()
+
         auth_url = unscoped_auth.auth_url
 
         system_auth = None
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index e8bc9c0ee82..ae8328a7902 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -267,7 +267,8 @@ def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME):
               tenant_id, request.user.username)
 
     endpoint, __ = utils.fix_auth_url_version_prefix(request.user.endpoint)
-    session = utils.get_session()
+    client_ip = utils.get_client_ip(request)
+    session = utils.get_session(original_ip=client_ip)
     # Keystone can be configured to prevent exchanging a scoped token for
     # another token. Always use the unscoped token for requesting a
     # scoped token.
@@ -421,7 +422,8 @@ def switch_system_scope(request, redirect_field_name=auth.REDIRECT_FIELD_NAME):
     LOG.debug('Switching to system scope for user "%s".', request.user.username)
 
     endpoint, __ = utils.fix_auth_url_version_prefix(request.user.endpoint)
-    session = utils.get_session()
+    client_ip = utils.get_client_ip(request)
+    session = utils.get_session(original_ip=client_ip)
     # Keystone can be configured to prevent exchanging a scoped token for
     # another token. Always use the unscoped token for requesting a
     # scoped token.
diff --git a/openstack_dashboard/api/keystone.py b/openstack_dashboard/api/keystone.py
index b2544325121..cfaebfeabc5 100644
--- a/openstack_dashboard/api/keystone.py
+++ b/openstack_dashboard/api/keystone.py
@@ -176,7 +176,7 @@ def keystoneclient(request, admin=False, force_scoped=False):
         cacert = settings.OPENSTACK_SSL_CACERT
         verify = verify and cacert
         LOG.debug("Creating a new keystoneclient connection to %s.", endpoint)
-        remote_addr = request.environ.get('REMOTE_ADDR', '')
+        remote_addr = auth_utils.get_client_ip(request)
         token_auth = token_endpoint.Token(endpoint=endpoint,
                                           token=token_id)
         keystone_session = session.Session(auth=token_auth,