Index: django/core/management/validation.py
===================================================================
--- django/core/management/validation.py	(revision 7569)
+++ django/core/management/validation.py	(working copy)
@@ -28,6 +28,32 @@
     for (app_name, error) in get_app_errors().items():
         e.add(app_name, error)
 
+    # Check middleware ordering
+    mw_seen = []
+    for middleware_path in settings.MIDDLEWARE_CLASSES:
+        try:
+            dot = middleware_path.rindex('.')
+        except ValueError:
+            continue # not middleware
+        mw_module, mw_classname = middleware_path[:dot], middleware_path[dot+1:]
+        try:
+            mod = __import__(mw_module, {}, {}, [''])
+        except ImportError, e:
+            continue
+        try:
+            mw_class = getattr(mod, mw_classname)
+        except AttributeError:
+            continue # classname not found
+        try:
+            mw_instance = mw_class()
+        except exceptions.MiddlewareNotUsed:
+            continue
+        mw_seen.append(middleware_path)
+        if hasattr(mw_instance, 'depends') and mw_instance.depends:
+            for dep in mw_instance.depends:
+                if dep not in mw_seen:
+                    e.add(middleware_path, 'Dependency on "%s" not met.  Check to make sure the dependent middleware is included in MIDDLEWARE_CLASSES and is listed above %s.' % (dep, mw_classname))
+
     for cls in models.get_models(app):
         opts = cls._meta
 
Index: django/contrib/auth/middleware.py
===================================================================
--- django/contrib/auth/middleware.py	(revision 7569)
+++ django/contrib/auth/middleware.py	(working copy)
@@ -6,6 +6,9 @@
         return request._cached_user
 
 class AuthenticationMiddleware(object):
+
+    depends = ('django.contrib.sessions.middleware.SessionMiddleware',)
+
     def process_request(self, request):
         assert hasattr(request, 'session'), "The Django authentication middleware requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'."
         request.__class__.user = LazyUser()
Index: django/contrib/sessions/middleware.py
===================================================================
--- django/contrib/sessions/middleware.py	(revision 7569)
+++ django/contrib/sessions/middleware.py	(working copy)
@@ -9,6 +9,8 @@
 
 class SessionMiddleware(object):
 
+    depends = ()
+
     def process_request(self, request):
         engine = __import__(settings.SESSION_ENGINE, {}, {}, [''])
         session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
Index: django/middleware/common.py
===================================================================
--- django/middleware/common.py	(revision 7569)
+++ django/middleware/common.py	(working copy)
@@ -28,6 +28,8 @@
           appropriately.
     """
 
+    depends = ()
+
     def process_request(self, request):
         """
         Check for denied User-Agents and rewrite the URL based on
Index: django/middleware/doc.py
===================================================================
--- django/middleware/doc.py	(revision 7569)
+++ django/middleware/doc.py	(working copy)
@@ -5,6 +5,9 @@
     """
     Adds an X-View header to internal HEAD requests -- used by the documentation system.
     """
+
+    depends = ('django.contrib.auth.middleware.AuthenticationMiddleware',)
+
     def process_view(self, request, view_func, view_args, view_kwargs):
         """
         If the request method is HEAD and either the IP is internal or the