Opened 9 years ago

Closed 9 years ago

#3586 closed (fixed)

Only add the Vary: Cookie header when the request actually varies on the cookie

Reported by: anonymous Owned by: jacob
Component: Uncategorized Version: master
Severity: Keywords:
Cc: django@… Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


Currently the session middleware adds a Vary: Cookie header to every request on the site unconditionally. This is what it should be doing when a view uses session data to process the request. But not every view in an application will make use of the session state just because some do.

Setting a Vary: Cookie header when the content does not actually depend on the cookie prevents downstream caching which could otherwise take place. It also forces browsers to revalidate content even when that content has cache control set to public and an expires header.

The fix for this is very simple. The session middleware already keeps track of whether the session has been modified so it only has to save on those requests. We just need to add a second flag to track whether the session has been accessed and then only set the Vary header when this flag is set. The attached patch against trunk makes this change.

A site I'm currently working on has a significant amount of infrequently changing XML and flash content which is served by Django as well as some normal views which make use of the session middleware. Changing the session middleware to not change the vary header unnecessarily results in a significant speedup since a large number of objects become cachable.

Attachments (1)

automatic_vary.diff (1.4 KB) - added by anonymous 9 years ago.

Download all attachments as: .zip

Change History (4)

Changed 9 years ago by anonymous

comment:1 Changed 9 years ago by Owen Griffiths

  • Cc django@… added

Oops, forgot to add my name and email address.

comment:2 Changed 9 years ago by Simon G. <dev@…>

  • Triage Stage changed from Unreviewed to Ready for checkin

comment:3 Changed 9 years ago by mtredinnick

  • Resolution set to fixed
  • Status changed from new to closed

(In [4680]) Fixed #3586 -- Only output "Vary: Cookie" HTTP header when the session object
is accessed. Leads to better caching performance. Thanks, Owen Griffiths.

Note: See TracTickets for help on using tickets.
Back to Top