Ticket #15260: cache-page-fix.patch

django/middleware/cache.py

@@ -67 +67 @@
         self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX
         self.cache_anonymous_only = getattr(settings, 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False)
 
+    def _session_accessed(self, request):
+        try:
+            return request.session.accessed
+        except AttributeError:
+            return False
+
     def _should_update_cache(self, request, response):
         if not hasattr(request, '_cache_update_cache') or not request._cache_update_cache:
             return False
-        if self.cache_anonymous_only and has_vary_header(response, 'Cookie'):
+        # In most situations, we shouldn't need to directly check if
+        # the session has been accessed; checking for Vary: Cookie is
+        # enough. But when the @cache_page decorator is used, this
+        # check is done before the Vary header is set, so we need to
+        # check request.session.accessed ourselves.
+        if self.cache_anonymous_only and (has_vary_header(response, 'Cookie')
+                                          or self._session_accessed(request)):
             assert hasattr(request, 'user'), "The Django cache middleware with CACHE_MIDDLEWARE_ANONYMOUS_ONLY=True requires authentication middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' before the CacheMiddleware."
             if request.user.is_authenticated():
                 # Don't cache user-variable requests from authenticated users.

tests/regressiontests/cache/tests.py

@@ -10 +10 @@
 import warnings
 
 from django.conf import settings
+from django.contrib.auth.models import User
 from django.core import management
 from django.core.cache import get_cache
 from django.core.cache.backends.base import CacheKeyWarning
@@ -670 +671 @@
         response = self.client.get('/')
         self.failIf('Cookie' in response.get('Vary', ''))
 
+    def test_cache_middleware_anonymous_only_while_logged_in(self):
+        settings.CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True
+
+        response = self.client.get('/')
+        self.assertEqual(response['Cache-Control'], 'max-age=600')
+
+        User.objects.create_user(username='user', email='foo@bar.com',
+                                 password='password')
+        login = self.client.login(username='user', password='password')
+        self.assertTrue(login)
+
+        response = self.client.get('/user')
+        self.failIf('Cache-Control' in response)
+        response = self.client.get('/user-cache-page')
+        self.failIf('Cache-Control' in response)
+        response = self.client.get('/user-vary-on-cookie-cache-page')
+        self.failIf('Cache-Control' in response)
+        response = self.client.get('/user-cache-page-vary-on-cookie')
+        self.failIf('Cache-Control' in response)
 
 if __name__ == '__main__':
     unittest.main()

tests/regressiontests/cache/urls.py

@@ -2 +2 @@
 
 urlpatterns = patterns('regressiontests.cache.views',
     (r'^$', 'home'),
+    (r'^user$', 'user'),
+    (r'^user-cache-page$', 'user_cache_page'),
+    (r'^user-vary-on-cookie-cache-page$', 'user_vary_on_cookie_cache_page'),
+    (r'^user-cache-page-vary-on-cookie$', 'user_cache_page_vary_on_cookie'),
 )

tests/regressiontests/cache/views.py

@@ -1 +1 @@
 from django.http import HttpResponse
+from django.views.decorators.cache import cache_page
+from django.views.decorators.vary import vary_on_cookie
 
 def home(request):
     return HttpResponse('Hello World!')
+
+def user(request):
+    return HttpResponse(request.user.username)
+
+user_cache_page = cache_page(60 * 15)(user)
+user_vary_on_cookie_cache_page = vary_on_cookie(user_cache_page)
+user_cache_page_vary_on_cookie = cache_page(60 * 15)(vary_on_cookie(user))