Re: The state of per-site/per-view middleware caching in Django

On Oct 21, 9:17 pm, Jim Dalton wrote: > On Oct 21, 2011, at 8:04 AM, Kääriäinen Anssi wrote: > > > I do not know nearly enough about caching to participate fully in this > > discussion. But it strikes me that the attempt to have CSRF protected > > anonymous page cached is

Re: The state of per-site/per-view middleware caching in Django

I think for the moment, the easy fix for anonymous forms it either to put them on a different page or to load them with ajax. This way the forms and thus the tokens gets generated only when needed. If caching and performances are a big concern, I think those alternative are win/win solutions.

Re: The state of per-site/per-view middleware caching in Django

On Oct 21, 2011, at 8:04 AM, Kääriäinen Anssi wrote: > I do not know nearly enough about caching to participate fully in this > discussion. But it strikes me that the attempt to have CSRF protected > anonymous page cached is not that smart. If you have an anonymous submittable > form, why

RE: The state of per-site/per-view middleware caching in Django

oglegroups.com [django-developers@googlegroups.com] On Behalf Of Jim Dalton [jim.dal...@gmail.com] Sent: Friday, October 21, 2011 16:02 To: django-developers@googlegroups.com Subject: Re: The state of per-site/per-view middleware caching in Django On Oct 20, 2011, at 6:02 PM, Carl Meyer wrote:

Re: The state of per-site/per-view middleware caching in Django

On Oct 20, 2011, at 6:02 PM, Carl Meyer wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi Jim, > > This is a really useful summary of the current state of things, thanks > for putting it together. > > Re the anonymous/authenticated issue, CSRF token, and Google Analytics >

Re: The state of per-site/per-view middleware caching in Django

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Jim, This is a really useful summary of the current state of things, thanks for putting it together. Re the anonymous/authenticated issue, CSRF token, and Google Analytics cookies, it all boils down to the same root issue. And Niran is right,

Re: The state of per-site/per-view middleware caching in Django

Hi... For PyLucid i made a simple cache middleware [1] simmilar to Django per-site cache middleware [2]. But i doesn't vary on Cookies and don't cache cookies. I simply cache only the response content. Of course: This doesn't solve the problem if "csrfmiddlewaretoken" in content. Here some

Re: The state of per-site/per-view middleware caching in Django

On Oct 20, 2011, at 10:26 AM, Niran Babalola wrote: > This problem is inherent to page caching. Workarounds to avoid varying > by cookie for anonymous users are conceptually incorrect. If a single > URL can give different responses depending on who's viewing it, then > it varies by cookie.

Re: The state of per-site/per-view middleware caching in Django

On Thu, Oct 20, 2011 at 7:45 AM, Jim Dalton wrote: > There > is still an exceptionally narrow set of circumstances that would allow me to > serve a single cached page to all anonymous visitors to my site: namely, I > can't touch request.user and I can't use CSRF. This

The state of per-site/per-view middleware caching in Django

I spent the better part of yesterday mucking around in the dregs of Django's cache middleware and related modules, and in doing so I've come to the conclusion that, due to an accumulation of hinderances and minor bugs, the per-site and per-view caching mechanism are effectively broken for many