#27686: calls to request.user.is_authenticated returns vary by cookie header for
all users
-------------------------------------+-------------------------------------
Reporter: Jeff Willette | Owner: Jeff
| Willette
Type: Bug | Status: closed
Component: contrib.sessions | Version: 1.10
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):
* status: new => closed
* resolution: => invalid
Comment:
Hi David.
As I read the discussion, the issue is that the `is_authenticated()` check
could return `True`, i.e. if there's any point in checking it at all, then
we really **should** set the `Vary` header.
(Hence the ticket being closed as invalid.)
This is independent of whether there's a way we could detect this without
triggering it being set, which would be to introduce a regression on this
understanding.
Please see the
[https://docs.djangoproject.com/en/dev/internals/contributing/triaging-
tickets/ Triage Flow guidelines] and
TicketClosingReasons/DontReopenTickets — if there's doubt about a
resolution, much better that it's addressed on the DevelopersMailingList
where it can be properly discussed. Thanks.
--
Ticket URL: <https://code.djangoproject.com/ticket/27686#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/069.4605d17d9a78242fbfdd7052565d1a55%40djangoproject.com.
