[Django] #36603: Make LoginRequiredMiddleware avoid fetching request.user for public views
4 views
Skip to first unread message
Django
Sep 10, 2025, 5:38:33 PM9/10/25
to django-...@googlegroups.com
#36603: Make LoginRequiredMiddleware avoid fetching request.user for public views
-------------------------------------+-------------------------------------
Reporter: Adam | Owner: Adam Johnson
Johnson |
Type: | Status: assigned
Cleanup/optimization |
Component: | Version: dev
contrib.auth |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
LoginRequiredMiddleware checks `request.user.is_authenticated` before
`view_func.login_required`. This causes unnecessary database queries for
public views, fetching the current session and user, even though the check
doesn't need that information. Rearranging the condition checks to first
see if the view is public would avoid that extra work.
--
Ticket URL: <https://code.djangoproject.com/ticket/36603>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
-------------------------------------+-------------------------------------
Reporter: Adam | Owner: Adam Johnson
Johnson |
Type: | Status: assigned
Cleanup/optimization |
Component: | Version: dev
contrib.auth |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
LoginRequiredMiddleware checks `request.user.is_authenticated` before
`view_func.login_required`. This causes unnecessary database queries for
public views, fetching the current session and user, even though the check
doesn't need that information. Rearranging the condition checks to first
see if the view is public would avoid that extra work.
--
Ticket URL: <https://code.djangoproject.com/ticket/36603>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Sep 10, 2025, 6:54:27 PM9/10/25
to django-...@googlegroups.com
#36603: Make LoginRequiredMiddleware avoid fetching request.user for public views
-------------------------------------+-------------------------------------
Reporter: Adam Johnson | Owner: Adam
-------------------------------------+-------------------------------------
Type: | Johnson
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Simon Charette):
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/36603#comment:1>
Django
Sep 10, 2025, 7:31:08 PM9/10/25
to django-...@googlegroups.com
#36603: Make LoginRequiredMiddleware avoid fetching request.user for public views
-------------------------------------+-------------------------------------
Reporter: Adam Johnson | Owner: Adam
Type: | Johnson
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
-------------------------------------+-------------------------------------
Reporter: Adam Johnson | Owner: Adam
Type: | Johnson
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Adam Johnson):
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* has_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/36603#comment:2>
Django
Sep 11, 2025, 5:09:28 AM9/11/25
to django-...@googlegroups.com
#36603: Make LoginRequiredMiddleware avoid fetching request.user for public views
-------------------------------------+-------------------------------------
Reporter: Adam Johnson | Owner: Adam
Type: | Johnson
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
-------------------------------------+-------------------------------------
Reporter: Adam Johnson | Owner: Adam
Type: | Johnson
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/36603#comment:3>
Django
Sep 11, 2025, 5:10:06 AM9/11/25
to django-...@googlegroups.com
#36603: Make LoginRequiredMiddleware avoid fetching request.user for public views
-------------------------------------+-------------------------------------
Reporter: Adam Johnson | Owner: Adam
Type: | Johnson
Cleanup/optimization | Status: closed
-------------------------------------+-------------------------------------
Reporter: Adam Johnson | Owner: Adam
Type: | Johnson
Component: contrib.auth | Version: dev
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by GitHub <noreply@…>):
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* resolution: => fixed
* status: assigned => closed
Comment:
In [changeset:"41bc48ac1ed1d515977ebe965993b1ef83eafd02" 41bc48a]:
{{{#!CommitTicketReference repository=""
revision="41bc48ac1ed1d515977ebe965993b1ef83eafd02"
Fixed #36603 -- Optimized check order in LoginRequiredMiddleware.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/36603#comment:4>
Reply all
Reply to author
Forward
0 new messages