#27686: calls to request.user.is_authenticated returns vary by cookie header for all users -------------------------------------+------------------------------------- Reporter: Jeff Willette | Owner: Jeff | Willette Type: Bug | Status: closed Component: contrib.sessions | Version: 1.10 Severity: Normal | Resolution: invalid Keywords: | Triage Stage: | Unreviewed Has patch: 1 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------------+------------------------------------- Changes (by Carlton Gibson):
* status: new => closed * resolution: => invalid Comment: Hi David. As I read the discussion, the issue is that the `is_authenticated()` check could return `True`, i.e. if there's any point in checking it at all, then we really **should** set the `Vary` header. (Hence the ticket being closed as invalid.) This is independent of whether there's a way we could detect this without triggering it being set, which would be to introduce a regression on this understanding. Please see the [https://docs.djangoproject.com/en/dev/internals/contributing/triaging- tickets/ Triage Flow guidelines] and TicketClosingReasons/DontReopenTickets — if there's doubt about a resolution, much better that it's addressed on the DevelopersMailingList where it can be properly discussed. Thanks. -- Ticket URL: <https://code.djangoproject.com/ticket/27686#comment:8> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/069.4605d17d9a78242fbfdd7052565d1a55%40djangoproject.com.