On Wed, Mar 3, 2010 at 9:50 AM, Tamas Szabo <szab...@gmail.com> wrote: > Hi, > > I've just enabled caching for a Django application and it works great, but > there is a small problem. > > As you know, Session middleware adds a Vary: Cookie header to the response > and it is smart enough to do that only if the session has been accessed. > > This is all good, but the problem is that I have @login_required on the > majority of my views and although they don't touch the session at all the > Vary: Cookie header will be added. > This is because the decorator has to get the user from the session so the > session middleware sees that the session has been accessed and sets the > header. > > So a simple view like the one below will set the Vary: Cookie header, > although the result isn't user specific at all and this will prevent > caching. > > @login_required > def some_view(request) > return HttpResponse('Some text') > > The ideal solution would probably be to being able to access the session > without making the session dirty from framework code and then the auth code > could do just that. > > Another possibility is to set the accessed flag back to False from the auth > code after accessing the user in the session, but I think that needs more > additional code, because request.user could be accessed from the view and I > don't think that will set session.accessed = True > > Another possibility is to say that this is not a problem / can't be easily > fixed, but then we probably need a new decorator, so we can mark views as > @never_varies_on_cookie, because currently I don't think that we can avoid > having the Cookie added to the Vary header by SessionMiddlewar. > > I thought I send an email to django-dev before raising a ticket to get some > other opinions on the issue. > > Thanks, > > Tamas
If the view is login required, then you must send 'Vary: cookie', there is no option. Consider what would happen if you did not vary on the cookie: Logged in user accesses the page via a caching proxy Returned page is cacheable, no Vary header Proxy stores page in cache Not logged on user requests the page via the proxy Proxy retrieves cached, logged on version of the page and delivers it to not logged on user Cheers Tom -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.