Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#18863 closed Bug (duplicate)

CACHE_MIDDLEWARE_ANONYMOUS_ONLY and per-site cache conflict with lazy loading

Reported by: Alexis Bellido Owned by: nobody
Component: Documentation Version: 1.4
Severity: Normal Keywords: cache
Cc: raymond.penners@… Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


When you enable per-site cache and use CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True on a Django 1.4 project you get cached views as an authenticated user if you don't access an object which bypasses lazy loading.

To reproduce, set per-site cache as indicated in the documentation and add CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True to Then create a simple view and return a very simple response via render_to_response with static text.

I'm pretty sure there are performance reasons for this behavior and I understand that in most cases an authenticated user will be served a view returning one or more objects which will bypass lazy loading, hence getting non-cached pages, but in those few cases when no object is returned, it could be while developing with cache enabled, this violates the principle of least astonishment.

If you set CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True, you expect that authenticated users will never get cached pages.

To overcome this problem my first thought was writing this conditional cache decorator to check if a user is authenticated and then doing the same that never_cache does but then I thought this could be simplified just by assigning request.user to a variable in my view. That didn't work because request.user at this point is still a lazy loading object. My improved solution was calling request.user.is_authenticated() in the view and that results on a non cached page.

An alternative is accessing some method or attribute of the user object at the template level.

But in any case, I don't think these tricks should be needed if CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True would be respected.


Change History (3)

comment:1 Changed 4 years ago by Aymeric Augustin

Component: Core (Cache system)Documentation
Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: UnreviewedAccepted

Indeed, if nothing in the response depends on the currently logged-in user, it means that the cached response for anonymous users is also valid for logged-in users.

There's a comment in the code explaining it:

If the session has not been accessed otherwise, we don't want to cause it to be accessed here.
If it hasn't been accessed, then the user's logged-in status has not affected the response anyway.

Accepting as a documentation issue.

comment:2 Changed 4 years ago by Aymeric Augustin

Resolution: duplicate
Status: newclosed

#15201 shows several fundamental problems with this feature.

It suggests renaming the setting to CACHE_MIDDLEWARE_SKIP_VARY_COOKIE (and adjusting the feature to match) or deprecating it.

comment:3 Changed 4 years ago by raymond.penners@…

Cc: raymond.penners@… added
Note: See TracTickets for help on using tickets.
Back to Top