Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #15260 -- Ensured that CACHE_MIDDLEWARE_ANONYMOUS_ONLY is effec…

…tive with the cache_page decorator, not only the middleware. Thanks to brodie for report and draft patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15559 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 969217d45566e6853a2358088002e80b4afb9708 1 parent ed7a307
@carljm carljm authored
View
13 django/middleware/cache.py
@@ -50,7 +50,7 @@
from django.conf import settings
from django.core.cache import get_cache, DEFAULT_CACHE_ALIAS
-from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age, has_vary_header
+from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age
class UpdateCacheMiddleware(object):
@@ -69,10 +69,19 @@ def __init__(self):
self.cache_alias = settings.CACHE_MIDDLEWARE_ALIAS
self.cache = get_cache(self.cache_alias)
+ def _session_accessed(self, request):
+ try:
+ return request.session.accessed
+ except AttributeError:
+ return False
+
def _should_update_cache(self, request, response):
if not hasattr(request, '_cache_update_cache') or not request._cache_update_cache:
return False
- if self.cache_anonymous_only and has_vary_header(response, 'Cookie'):
+ # If the session has not been accessed otherwise, we don't want to
+ # cause it to be accessed here. If it hasn't been accessed, then the
+ # user's logged-in status has not affected the response anyway.
+ if self.cache_anonymous_only and self._session_accessed(request):
assert hasattr(request, 'user'), "The Django cache middleware with CACHE_MIDDLEWARE_ANONYMOUS_ONLY=True requires authentication middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.auth.middleware.AuthenticationMiddleware' before the CacheMiddleware."
if request.user.is_authenticated():
# Don't cache user-variable requests from authenticated users.
View
22 tests/regressiontests/cache/tests.py
@@ -1256,6 +1256,28 @@ def test_cache_middleware_anonymous_only_wont_cause_session_access(self):
self.assertEqual(request.session.accessed, False)
+ def test_cache_middleware_anonymous_only_with_cache_page(self):
+ """CACHE_MIDDLEWARE_ANONYMOUS_ONLY should still be effective when used
+ with the cache_page decorator: the response to a request from an
+ authenticated user should not be cached."""
+ settings.CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True
+
+ request = self.factory.get('/view_anon/')
+
+ class MockAuthenticatedUser(object):
+ def is_authenticated(self):
+ return True
+
+ class MockAccessedSession(object):
+ accessed = True
+
+ request.user = MockAuthenticatedUser()
+ request.session = MockAccessedSession()
+
+ response = cache_page(hello_world_view)(request, '1')
+
+ self.assertFalse("Cache-Control" in response)
+
def test_view_decorator(self):
# decorate the same view with different cache decorators
default_view = cache_page(hello_world_view)
View
5 tests/regressiontests/cache/urls.py
@@ -1,5 +0,0 @@
-from django.conf.urls.defaults import patterns
-
-urlpatterns = patterns('regressiontests.cache.views',
- (r'^$', 'home'),
-)
View
4 tests/regressiontests/cache/views.py
@@ -1,4 +0,0 @@
-from django.http import HttpResponse
-
-def home(request):
- return HttpResponse('Hello World!')
Please sign in to comment.
Something went wrong with that request. Please try again.