#16563: Error pickling request.user
---------------------------------+------------------------------------
     Reporter:  zero.fuxor@…     |                    Owner:  nobody
         Type:  Bug              |                   Status:  new
    Component:  contrib.auth     |                  Version:  1.3
     Severity:  Release blocker  |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  0                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------

Comment (by carljm):

 Replying to [comment:14 poirier]:
 > Would it be possible to fix this instead by fixing the chain of events somewhere else?

 No, I don't think so.

 > e.g. should any access of request.session result in setting the Vary: Cookie header?

 Yes, it should. Any access of the session means the response you are
 generating is almost certainly dependent in some way on values in the
 session, which means serving that same response as a cached response to
 other users would be at best wrong, and at worst a security issue. This
 applies even more strongly, if anything, to accessing `request.user` in
 particular. So it's quite important that `request.user` remain lazy, and
 that accessing it trigger `Vary: Cookie` on the response.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/16563#comment:18>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
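
The behaviour described in the comment above, as an added example that is not part of the original ticket and is not Django's own code: a simplified model in which reading the session (here via a lazy `request.user`) marks the response `Vary: Cookie`, and a toy shared cache honours that header. The names `Session`, `Request`, `handle`, `SharedCache`, the two views, and the `SESSIONS` sample data are all constructed for illustration.

```python
# Simplified model of the behaviour discussed above; not Django's code.
SESSIONS = {"sid-alice": {"user": "alice"}, "sid-bob": {"user": "bob"}}  # constructed

class Session(dict):
    """Session data that records whether anything ever read it."""
    accessed = False
    def __getitem__(self, key):
        self.accessed = True
        return super().__getitem__(key)

class Request:
    def __init__(self, path, cookie):
        self.path, self.cookie = path, cookie
        self.session = Session(SESSIONS.get(cookie, {}))
    @property
    def user(self):
        # Lazy: the session is only read when a view asks for the user.
        return self.session["user"]

def handle(view, request):
    """Run the view, then add Vary: Cookie only if the session was read."""
    response = {"body": view(request), "headers": {}}
    if request.session.accessed:
        response["headers"]["Vary"] = "Cookie"
    return response

class SharedCache:
    """Toy shared cache that honours Vary: Cookie."""
    def __init__(self):
        self.store = {}      # (path, cookie or None) -> response
        self.varies = set()  # paths whose responses vary on Cookie
    def fetch(self, view, request):
        varies = request.path in self.varies
        key = (request.path, request.cookie if varies else None)
        if key not in self.store:
            response = handle(view, request)
            if response["headers"].get("Vary") == "Cookie":
                self.varies.add(request.path)
                key = (request.path, request.cookie)
            self.store[key] = response
        return self.store[key]["body"]

def public_view(request):
    return "welcome"                  # never touches request.user

def profile_view(request):
    return f"hello {request.user}"    # touches request.user
```

Because `user` is lazy, the public page stays a single shared cache entry, while the profile page is stored once per cookie. Resolving the user eagerly on every request would mark every response `Vary: Cookie`.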
