Opened 9 years ago

Closed 9 years ago

Last modified 2 months ago

#4994 closed Bug (fixed)

Cookies are not sent back for HTTP Not Modified (304) from CommonMiddleware

Reported by: colin@… Owned by: Malcolm Tredinnick
Component: HTTP handling Version: master
Severity: Normal Keywords: etags
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Tim Graham)

The CommonMiddleware functionality generates a new HTTP Response object (304) when the E-Tag matches. This new response does not include the Set-Cookie header, which then breaks the login page from django.contrib.auth.views.login.

This also violates the Cookie specification: If a proxy server receives a response which contains a Set-cookie header, it should propagate the Set-cookie header to the client, regardless of whether the response was 304 (Not Modified) or 200 (OK).

Apache has similar behavior.

The attached patch solves this by moving any set cookies over into the new response object.

Attachments (1)

common-middleware-fix.patch (639 bytes) - added by colin@… 9 years ago.
Patch for 304 and Cookies

Download all attachments as: .zip

Change History (4)

Changed 9 years ago by colin@…

Attachment: common-middleware-fix.patch added

Patch for 304 and Cookies

comment:1 Changed 9 years ago by Simon G. <dev@…>

Triage Stage: UnreviewedReady for checkin

comment:2 Changed 9 years ago by Malcolm Tredinnick

Resolution: fixed
Status: newclosed

(In [5878]) Fixed #4994 -- Send back set-cookie headers in "not modified" responses. Well spotted, colin@….

comment:3 Changed 2 months ago by Tim Graham

Description: modified (diff)
Easy pickings: unset
Severity: Normal
Type: Bug
UI/UX: unset
Note: See TracTickets for help on using tickets.
Back to Top