id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
27686	calls to request.user.is_authenticated returns vary by cookie header for all users	Jeff Willette	Jeff Willette	"If request.user.is_authenticated() is called in a view, a `Vary: ""Cookie""` Http header is returned, even if the user is an anonymous user. The anonymous user has no `sessionid` and no other cookies set. This means that any other inconsequential cookies that are in the request (such as google analytics) will cause downstream caches to cache separate pages for each user. 

I think that is the user is not_authenticated, then there should be no `Vary` header sent back from django.

You can recreate this problem by creating a new django project and creating a view that returns an HttpResponse after calling to is_authenticated with an anonymous user, and also calling another view that does not call to is_authenticated and comparing the HttpHeaders. I have done so here: https://github.com/deltaskelta/django-is-authenticated-vary-headers.git "	Bug	closed	contrib.sessions	1.10	Normal	invalid			Unreviewed	1	0	0	0	0	0