Hi Jeff,

On 01/06/2017 06:21 PM, Jeff Willette wrote:
> I understand that calling is_authenticated on a user will require the
> session to be accessed and the vary by cookie header to be in the
> response, but if I understand how caching systems work then this will
> cause all cookies in the request to be taken into account, correct?

Yes. HTTP doesn't provide any way to say "vary only on this cookie, not
the others." Be nice if it did!

> What if there was an optional middleware early in the request
> processing that matched cookies based on a regex in settings and then
> modified the header to only include the matched cookies?
> 
> That way...the unauthed user's request will vary by cookies, but we
> would have removed all inconsequential cookies so all unauthed users
> will have the same set of cookies (likely none), and authed users
> will have (sessionid) or whatever else you wish to match and everyone
> will be happily cached correctly.
> 
> Is there a hole in my thinking anywhere? Would this work as I
> expect?

I think it could work, yeah. It won't help the efficiency of any other
downstream HTTP caches, but they would still be safe (not serve anyone
the wrong response). And you should be able to help efficiency of
Django's own cache this way, if you strip cookies that Django / your
code doesn't care about before the request ever reaches the caching
middleware. Try it and experiment!

Carl
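
A sketch of the cookie-stripping middleware discussed in this thread, added here as an example; it is not code from the thread or from Django itself. The setting name `CACHE_RELEVANT_COOKIES`, the class name and the `FakeRequest` stand-in are hypothetical, and it assumes the cache key for `Vary: Cookie` is derived from `request.META["HTTP_COOKIE"]`, so the middleware must be listed before the cache-fetching middleware and before anything reads `request.COOKIES`.

```python
import re

# Hypothetical setting: regex of cookie names the application actually reads.
# Every cookie that can change a response (session, CSRF, language) must be listed.
CACHE_RELEVANT_COOKIES = r"sessionid|csrftoken"


def filter_cookie_header(header, pattern=CACHE_RELEVANT_COOKIES):
    """Reduce a Cookie header to allow-listed names, in sorted order."""
    allowed = re.compile(pattern)
    kept = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        # fullmatch, not match: "sessionid_x" must not pass as "sessionid".
        if sep and allowed.fullmatch(name):
            kept[name] = value
    # Sorting makes the header identical regardless of the order the client sent.
    return "; ".join(f"{n}={v}" for n, v in sorted(kept.items()))


class StripIrrelevantCookiesMiddleware:
    """Django-style middleware; views never see the stripped cookies either,
    so a cached response cannot depend on them."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        raw = request.META.get("HTTP_COOKIE")
        if raw is not None:
            filtered = filter_cookie_header(raw)
            if filtered:
                request.META["HTTP_COOKIE"] = filtered
            else:
                # Nothing relevant left: look exactly like a cookie-less request.
                del request.META["HTTP_COOKIE"]
        return self.get_response(request)


class FakeRequest:
    """Constructed stand-in for HttpRequest so the example runs without Django."""
    def __init__(self, cookie=None):
        self.META = {} if cookie is None else {"HTTP_COOKIE": cookie}


def vary_value(cookie):
    """Cookie header a downstream cache layer would see for this request."""
    inner = lambda request: request.META.get("HTTP_COOKIE")
    return StripIrrelevantCookiesMiddleware(inner)(FakeRequest(cookie))
```

As Carl notes, this only affects Django's own cache; downstream HTTP caches still see the client's full `Cookie` header.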
