Tamas Szabo
unread,Mar 3, 2010, 4:50:22 AM3/3/10Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to django-d...@googlegroups.com
Hi,
I've just enabled caching for a Django application and it works great, but there is a small problem.
As you know, Session middleware adds a Vary: Cookie header to the response and it is smart enough to do that only if the session has been accessed.
This is all good, but the problem is that I have @login_required on the majority of my views and although they don't touch the session at all the Vary: Cookie header will be added.
This is because the decorator has to get the user from the session so the session middleware sees that the session has been accessed and sets the header.
So a simple view like the one below will set the Vary: Cookie header, although the result isn't user specific at all and this will prevent caching.
@login_required
def some_view(request)
return HttpResponse('Some text')
The ideal solution would probably be to being able to access the session without making the session dirty from framework code and then the auth code could do just that.
Another possibility is to set the accessed flag back to False from the auth code after accessing the user in the session, but I think that needs more additional code, because request.user could be accessed from the view and I don't think that will set session.accessed = True
Another possibility is to say that this is not a problem / can't be easily fixed, but then we probably need a new decorator, so we can mark views as @never_varies_on_cookie, because currently I don't think that we can avoid having the Cookie added to the Vary header by SessionMiddlewar.
I thought I send an email to django-dev before raising a ticket to get some other opinions on the issue.
Thanks,
Tamas