Opened 10 years ago

Closed 10 years ago

#3586 closed (fixed)

Only add the Vary: Cookie header when the request actually varies on the cookie

Reported by: anonymous Owned by: Jacob
Component: Uncategorized Version: master
Severity: Keywords:
Cc: django@… Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


Currently the session middleware adds a Vary: Cookie header to every request on the site unconditionally. This is what it should be doing when a view uses session data to process the request. But not every view in an application will make use of the session state just because some do.

Setting a Vary: Cookie header when the content does not actually depend on the cookie prevents downstream caching which could otherwise take place. It also forces browsers to revalidate content even when that content has cache control set to public and an expires header.

The fix for this is very simple. The session middleware already keeps track of whether the session has been modified so it only has to save on those requests. We just need to add a second flag to track whether the session has been accessed and then only set the Vary header when this flag is set. The attached patch against trunk makes this change.

A site I'm currently working on has a significant amount of infrequently changing XML and flash content which is served by Django as well as some normal views which make use of the session middleware. Changing the session middleware to not change the vary header unnecessarily results in a significant speedup since a large number of objects become cachable.

Attachments (1)

automatic_vary.diff (1.4 KB) - added by anonymous 10 years ago.

Download all attachments as: .zip

Change History (4)

Changed 10 years ago by anonymous

Attachment: automatic_vary.diff added

comment:1 Changed 10 years ago by Owen Griffiths

Cc: django@… added

Oops, forgot to add my name and email address.

comment:2 Changed 10 years ago by Simon G. <dev@…>

Triage Stage: UnreviewedReady for checkin

comment:3 Changed 10 years ago by Malcolm Tredinnick

Resolution: fixed
Status: newclosed

(In [4680]) Fixed #3586 -- Only output "Vary: Cookie" HTTP header when the session object
is accessed. Leads to better caching performance. Thanks, Owen Griffiths.

Note: See TracTickets for help on using tickets.
Back to Top