id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
4994	Cookies are not sent back for HTTP Not Modified (304) from CommonMiddleware	colin@…	Malcolm Tredinnick	"The CommonMiddleware functionality generates a new HTTP Response object (304) when the E-Tag matches.  This new response does not include the Set-Cookie header, which then breaks the login page from django.contrib.auth.views.login.

This also violates the Cookie specification (see [http://wp.netscape.com/newsref/std/cookie_spec.html]): If a proxy server receives a response which contains a Set-cookie header, it should propagate the Set-cookie header to the client, regardless of whether the response was 304 (Not Modified) or 200 (OK).

The attached patch solves this by moving any set cookies over into the new response object.
"		new	HTTP handling	dev			etags		Unreviewed	1	0	0	0