id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
17313	Cache FetchMiddleware checks cache for auth despite UNAUTH_ONLY=True	Yeago	nobody	"https://code.djangoproject.com/browser/django/trunk/django/middleware/cache.py#L133

The Fetch middleware makes no explicit check of its own to settings.CACHE_MIDDLEWARE_UNAUTHENTICATED_ONLY. This results in a check to the cache for the key. Currently, the only way it happens to work is because the key created by django.utils.cache.get_cache_key happens to cause a miss. If you use a simpler key which doesn't take into account the users session, the key will not miss and authenticated users will get a cached version despite the rather unambiguous setting.

Related to #17305 in the sense that this is another stumbling block for people wanting to customize the Cache Middlewares."	Bug	closed	Core (Cache system)		Normal	invalid		subsume@…	Unreviewed	0	0	0	0	0	0