id: 17313
summary: Cache FetchMiddleware checks cache for auth despite UNAUTH_ONLY=True
reporter: Yeago
owner: nobody
type: Bug
status: closed
component: Core (Cache system)
version:
severity: Normal
resolution: invalid
keywords:
cc: subsume@…
stage: Unreviewed
has_patch: 0
needs_docs: 0
needs_tests: 0
needs_better_patch: 0
easy: 0
ui_ux: 0

description:

https://code.djangoproject.com/browser/django/trunk/django/middleware/cache.py#L133

The Fetch middleware makes no explicit check of its own to settings.CACHE_MIDDLEWARE_UNAUTHENTICATED_ONLY. This results in a check to the cache for the key. Currently, the only way it happens to work is because the key created by django.utils.cache.get_cache_key happens to cause a miss. If you use a simpler key which doesn't take into account the user's session, the key will not miss and authenticated users will get a cached version despite the rather unambiguous setting.

Related to #17305 in the sense that this is another stumbling block for people wanting to customize the Cache Middlewares.