id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
7364	Login view is cached when caching middleware is turned on	clong@…	nobody	"This causes a problem, because the login view expects a cookie to be set when a user visits the login page. If it's not set it will fail the login, but will set the cookie.

Quick steps:
   1. Make a request to the login page without any GET or POST parameters.
   2. Web server returns the cached page. (Note: this doesn’t set the cookie because no Python code has been run, the page returned is static)
   3. The user enters in the login information and submits the information. This is sent to the server as a POST.
   4. The server, because of the POST, now runs the login view. This fails because there was no cookie previously set, but it does set the cookie that should have been previously set.
   5. The error message shown to the user is as if it was a failed attempt. If the user reenters the information, the login will now work as the cookie is now set.

I attached a diff that uses the 'never_cache' decorator to fix this."		closed	Contrib apps	dev		fixed	auth, login, cache		Accepted	1	0	0	0	0	0