id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
20816	Document middleware ordering requirements explicitly	Gunnlaugur Þór Briem	nobody	"Per [https://docs.djangoproject.com/en/dev/topics/http/middleware/ the middleware usage guide], “The order in `MIDDLEWARE_CLASSES` matters”, and one example is given (`AuthenticationMiddleware`'s need to run after `SessionMiddleware`). But other than that, specific information on middleware ordering requirements is scant and scattered.

Some incomplete hints are found here and there:

* the default `MIDDLEWARE_CLASSES` order from `startproject` may be taken to implicitly suggest that no known requirements are violated by that order (but doesn't inform as to valid deviations from that order)

* the above-mentioned example (`AuthenticationMiddleware`'s need to run after `SessionMiddleware`) is not mentioned in the middleware reference sections for these two middlewares, nor in the authentication and sessions documentation they link to.

* [http://stackoverflow.com/questions/4632323/practical-rules-for-django-middleware-ordering this StackOverflow question] tries to plug this documentation hole (unauthoritatively), and that seems pretty welcome : ) (“Why this question doesn't have hundreds more stars and upvotes, I'll never know! Thanks!”)

Example cases in which this information is valuable:

* when resolving ordering dependencies for custom middleware: “My `FooMiddleware` needs to be after `CsrfViewMiddleware` and before `SessionMiddleware`; is it OK to swap the order of these two in the default `startproject` middleware order to satisfy this, or must I redesign `FooMiddleware` to eliminate one of those two requirements?

* when troubleshooting problems in production (as I am doing now): “Here `CsrfViewMiddleware` has been put first, unlike the default `startproject` middleware order; might that be why we're seeing spurious CSRF failures in legitimate usage? Or can I eliminate that theory and better spend my time chasing another theory?”"	Cleanup/optimization	closed	Documentation	dev	Normal	fixed			Ready for checkin	1	0	0	0	0	0