#27686: calls to request.user.is_authenticated returns vary by cookie header for
all users
-----------------------------------------+------------------------
               Reporter:  Jeff Willette  |          Owner:  nobody
                   Type:  Uncategorized  |         Status:  new
              Component:  Uncategorized  |        Version:  1.10
               Severity:  Normal         |       Keywords:
           Triage Stage:  Unreviewed     |      Has patch:  0
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  0
                  UI/UX:  0              |
-----------------------------------------+------------------------
 If request.user.is_authenticated() is called in a view, a `Vary: "Cookie"`
 HTTP header is returned, even if the user is an anonymous user. The
 anonymous user has no `sessionid` and no other cookies set. This means
 that any other inconsequential cookies that are in the request (such as
 Google Analytics) will cause downstream caches to cache separate pages for
 each user.

 I think that if the user is not authenticated, then there should be no
 `Vary` header sent back from Django.

 You can recreate this problem by creating a new Django project and
 creating a view that returns an HttpResponse after calling
 is_authenticated with an anonymous user, and also calling another view
 that does not call is_authenticated, and comparing the HTTP headers. I
 have done so here:
 https://github.com/deltaskelta/django-is-authenticated-vary-headers.git

--
Ticket URL: <https://code.djangoproject.com/ticket/27686>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
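
The downstream-cache effect the ticket describes, as an added example that is not part of the ticket or of Django's code: a minimal model of a shared cache that selects stored responses by the request headers named in `Vary`. The class, the two origin functions, the `/page/` URL and the `_ga` cookie values are all constructed for illustration, and `Vary: *` is not handled.

```python
# Added illustration (not Django code): a shared cache that honours Vary by
# keying stored responses on the request headers the response named.

class SharedCache:
    def __init__(self):
        self.store = {}        # url -> list of (vary_names, selecting_values, body)
        self.origin_hits = 0   # how often the request had to go to the origin

    def fetch(self, url, request_headers, origin):
        req = {k.lower(): v for k, v in request_headers.items()}
        # A stored response is reusable only if every header listed in its
        # Vary has the same value in this request as in the original one.
        for names, values, body in self.store.get(url, []):
            if all(req.get(n, "") == values[n] for n in names):
                return body
        self.origin_hits += 1
        body, response_headers = origin(req)
        vary = response_headers.get("Vary", "")
        names = [n.strip().lower() for n in vary.split(",") if n.strip()]
        selecting = {n: req.get(n, "") for n in names}
        self.store.setdefault(url, []).append((names, selecting, body))
        return body

# Hypothetical origins: the same public page, with and without Vary: Cookie.
def view_with_vary_cookie(req):
    return "<html>public page</html>", {"Vary": "Cookie"}

def view_without_vary(req):
    return "<html>public page</html>", {}

# Constructed anonymous traffic: no sessionid, only an analytics cookie.
ANON_REQUESTS = [
    {"Cookie": "_ga=GA1.2.1111.1"},
    {"Cookie": "_ga=GA1.2.2222.2"},
    {"Cookie": "_ga=GA1.2.3333.3"},
    {"Cookie": "_ga=GA1.2.1111.1"},   # first visitor again
]

def origin_fetches(origin):
    """Replay the anonymous requests through a fresh cache; count origin trips."""
    cache = SharedCache()
    for headers in ANON_REQUESTS:
        cache.fetch("/page/", headers, origin)
    return cache.origin_hits

if __name__ == "__main__":
    print("with Vary: Cookie ->", origin_fetches(view_with_vary_cookie))
    print("without Vary      ->", origin_fetches(view_without_vary))
```

With `Vary: Cookie` every distinct analytics cookie gets its own cache entry; the same header is also what keeps a shared cache from serving one logged-in user's page to another, so it cannot simply be stripped for responses that depend on the session.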
