On Thu, Oct 20, 2011 at 7:45 AM, Jim Dalton <jim.dal...@gmail.com> wrote: > There > is still an exceptionally narrow set of circumstances that would allow me to > serve a single cached page to all anonymous visitors to my site: namely, I > can't touch request.user and I can't use CSRF.
This problem is inherent to page caching. Workarounds to avoid varying by cookie for anonymous users are conceptually incorrect. If a single URL can give different responses depending on who's viewing it, then it varies by cookie. Preventing CSRF is inherently session-variable as well. Loading the token via a separate AJAX call is possible, but there are simpler solutions. If you want to cache pages with small portions that vary by user, then you want edge site includes and something like Varnish to process them. If you want a much slower, pure-python solution that doesn't require a separate service running somewhere, then you want armstrong.esi[1]. - Niran [1] <https://github.com/texastribune/armstrong.esi>. armstrong.esi isn't part of Armstrong proper yet, but if you want to know more about the project, head to <http://armstrongcms.org/> and <https://github.com/armstrong/armstrong>. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.