Opened 11 years ago
Closed 11 years ago
#20987 closed Bug (worksforme)
authenticated users and anonymous share the same caching
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Core (Cache system) | Version: | 1.5 |
| Severity: | Normal | Keywords: | caching |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Anonymous access some detail views, Django does save its cache,
authenticated user access the same views will get the anonymous's cache,
however, some HTML thing for authenticated user will not in response as expected.
And the CACHE_MIDDLEWARE_ANONYMOUS_ONLY setting option is not useful for this situation.
I think it is a bad idea that authenticated users and anonymous share the same caching.
Attachments (1)
Change History (2)
by , 11 years ago
| Attachment: | cache.py.patch added |
|---|
comment:1 by , 11 years ago
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
Hi, thanks for the report. I don't believe the report is correct, though. Any access of request.user will trigger an access of the session, which in turn will trigger Vary: Cookie on the response. The cache middleware respects Vary: Cookie, and so differing session cookies will prevent one authenticated user from seeing a response from another authenticated user, or from an anonymous user.
If you're actually experiencing authenticated users getting served cached responses for anonymous users, then something in your project is causing the Vary: Cookie stuff to not work correctly, and that's where we need more information.
Closing this worksforme, but feel free to reopen if you can provide enough detail to allow us to reproduce the problem you're experiencing.
implement CACHE_MIDDLEWARE_DISABLE_FOR_AUTHENTICATED option for caching