On Wed, Mar 3, 2010 at 9:50 AM, Tamas Szabo <szab...@gmail.com> wrote:
> Hi,
>
> I've just enabled caching for a Django application and it works great, but
> there is a small problem.
>
> As you know, Session middleware adds a Vary: Cookie header to the response
> and it is smart enough to do that only if the session has been accessed.
>
> This is all good, but the problem is that I have @login_required on the
> majority of my views and although they don't touch the session at all the
> Vary: Cookie header will be added.
> This is because the decorator has to get the user from the session so the
> session middleware sees that the session has been accessed and sets the
> header.
>
> So a simple view like the one below will set the Vary: Cookie header,
> although the result isn't user specific at all and this will prevent
> caching.
>
> @login_required
> def some_view(request)
> return HttpResponse('Some text')
>
> The ideal solution would probably be to being able to access the session
> without making the session dirty from framework code and then the auth code
> could do just that.
>
> Another possibility is to set the accessed flag back to False from the auth
> code after accessing the user in the session, but I think that needs more
> additional code, because request.user could be accessed from the view and I
> don't think that will set session.accessed = True
>
> Another possibility is to say that this is not a problem / can't be easily
> fixed, but then we probably need a new decorator, so we can mark views as
> @never_varies_on_cookie, because currently I don't think that we can avoid
> having the Cookie added to the Vary header by SessionMiddlewar.
>
> I thought I send an email to django-dev before raising a ticket to get some
> other opinions on the issue.
>
> Thanks,
>
> Tamas
If the view is login required, then you must send 'Vary: cookie',
there is no option. Consider what would happen if you did not vary on
the cookie:
Logged in user accesses the page via a caching proxy
Returned page is cacheable, no Vary header
Proxy stores page in cache
Not logged on user requests the page via the proxy
Proxy retrieves cached, logged on version of the page and delivers it
to not logged on user
Cheers
Tom
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-develop...@googlegroups.com.
To unsubscribe from this group, send email to
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
