Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not access the session unless needed #509

Merged
merged 1 commit into from Nov 29, 2022
Merged

Do not access the session unless needed #509

merged 1 commit into from Nov 29, 2022

Conversation

codingjoe
Copy link
Collaborator

If the session wasn't accessed we do not need to modify the response.
Session get accessed lazily if someone accesses request.user or
request.session. In those cases Django will add cookie to the
Vary-On HTTP header. This will prevent browsers from caching the
results.

Furthermore, accessing the user when not needed will cause unwanted
IO on request, that don't need authentication or vary content based
on users.

We use the same behavior Django implements in the authentication
middlware, where a user is a lazy object and will only be fetched
if needed. We simply overwrite the user and add another setup
hook.

@codingjoe
Do not access session unless needed
e697759 
If the session wasn't accessed we do not need to modify the response.
Session get accessed lazily if someone accesses request.user or
request.session. In those cases Django will add cookie to the
Vary-On HTTP header. This will prevent browsers from caching the
results.

Furthermore, accessing the user when not needed will cause unwanted
IO on request, that don't need authentication or vary content based
on users.

We use the same behavior Django implements in the authentication
middlware, where a user is a lazy object and will only be fetched
if needed. We simply overwrite the user and add another setup
hook.
@codingjoe codingjoe self-assigned this Nov 29, 2022
@codingjoe codingjoe changed the title Do not access session unless needed Do not access the session unless needed Nov 29, 2022
@codecov-commenter
Copy link

codecov-commenter commented Nov 29, 2022
edited

Codecov Report

Merging #509 (e697759) into master (bc8be46) will increase coverage by 0.02%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #509      +/-   ##
==========================================
+ Coverage   99.24%   99.27%   +0.02%     
==========================================
  Files           7        7              
  Lines         133      138       +5     
==========================================
+ Hits          132      137       +5     
  Misses          1        1
Impacted Files Coverage Δ
hijack/middleware.py 100.00% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@codingjoe codingjoe merged commit 4c7d960 into master Nov 29, 2022
@codingjoe codingjoe deleted the vary-on-header branch November 29, 2022 16:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amureki amureki amureki approved these changes

@Mogost Mogost Awaiting requested review from Mogost

Assignees

@codingjoe codingjoe

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@codingjoe @codecov-commenter @amureki