id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 7364 Login view is cached when caching middleware is turned on clong@… nobody "This causes a problem, because the login view expects a cookie to be set when a user visits the login page. If it's not set it will fail the login, but will set the cookie. Quick steps: 1. Make a request to the login page without any GET or POST parameters. 2. Web server returns the cached page. (Note: this doesn’t set the cookie because no Python code has been run, the page returned is static) 3. The user enters in the login information and submits the information. This is sent to the server as a POST. 4. The server, because of the POST, now runs the login view. This fails because there was no cookie previously set, but it does set the cookie that should have been previously set. 5. The error message shown to the user is as if it was a failed attempt. If the user reenters the information, the login will now work as the cookie is now set. I attached a diff that uses the 'never_cache' decorator to fix this." closed Contrib apps dev fixed auth, login, cache Accepted 1 0 0 0 0 0