#16563: Error pickling request.user
---------------------------------+------------------------------------
     Reporter:  zero.fuxor@…     |                    Owner:  nobody
         Type:  Bug              |                   Status:  new
    Component:  contrib.auth     |                  Version:  1.3
     Severity:  Release blocker  |               Resolution:
     Keywords:                   |             Triage Stage:  Accepted
    Has patch:  0                |      Needs documentation:  0
  Needs tests:  0                |  Patch needs improvement:  0
Easy pickings:  0                |                    UI/UX:  0
---------------------------------+------------------------------------

Comment (by carljm):

Replying to [comment:14 poirier]:

> Would it be possible to fix this instead by fixing the chain of events somewhere else?

No, I don't think so.

> e.g. should any access of request.session result in setting the Vary: Cookie header?

Yes, it should. Any access of the session means the response you are generating is almost certainly dependent in some way on values in the session, which means serving that same response as a cached response to other users would be at best wrong, and at worst a security issue.

This applies even more strongly, if anything, to accessing `request.user` in particular. So it's quite important that `request.user` remain lazy, and that accessing it trigger `Vary: Cookie` on the response.

--
Ticket URL: <https://code.djangoproject.com/ticket/16563#comment:18>
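
The chain described in the comment above, as an added example that is not part of the ticket and not Django's code: a simplified stand-in in which reading the session marks the response `Vary: Cookie`, and a shared cache either honours that or, with tracking switched off, serves one user's page to another. All class and function names and the session data are hypothetical and constructed for illustration.

```python
# Simplified stand-in for the session -> Vary -> cache chain; not Django's code.
class Session:
    def __init__(self, data):
        self._data, self.accessed = data, False
    def get(self, key, default=None):
        self.accessed = True  # any read marks the response as session-dependent
        return self._data.get(key, default)

class Request:
    def __init__(self, path, cookie):
        self.path, self.cookie = path, cookie
        self.session = Session(SESSIONS.get(cookie, {}))
    @property
    def user(self):
        # Lazy: the session is read only when a view actually asks for the user.
        return self.session.get("user", "anonymous")

def handle(view, request, track_access=True):
    """Run the view; add Vary: Cookie only if the session was read."""
    response = {"body": view(request), "headers": {}}
    if track_access and request.session.accessed:
        response["headers"]["Vary"] = "Cookie"
    return response

class SharedCache:
    """Keys entries on the path, plus the cookie once a response varies on it."""
    def __init__(self, track_access=True):
        self.track_access, self._varies, self._store = track_access, {}, {}
    def fetch(self, view, request):
        varies = self._varies.get(request.path, False)
        key = (request.path, request.cookie if varies else None)
        if key not in self._store:
            response = handle(view, request, self.track_access)
            varies = self._varies[request.path] = "Vary" in response["headers"]
            self._store[(request.path, request.cookie if varies else None)] = response
            return response
        return self._store[key]

SESSIONS = {"sid-alice": {"user": "alice"}, "sid-bob": {"user": "bob"}}  # constructed

def public_view(request):
    return "welcome"

def account_view(request):
    return "account of " + request.user

def bodies(view, path, track_access=True):
    """Fetch the same path once per constructed session through one shared cache."""
    cache = SharedCache(track_access)
    return [cache.fetch(view, Request(path, c))["body"] for c in SESSIONS]
```

With tracking on, `bodies(account_view, "/me")` returns one body per user; with `track_access=False` the second user receives the first user's cached page, while `public_view` never touches the session and stays shareable.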