Fixed #3586 -- Only output "Vary: Cookie" HTTP header when the sessio…

…n object

is accessed. Leads to better caching performance. Thanks, Owen Griffiths.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@4680 bcc190cf-cafb-0310-a4f2-bffc1f526a37

AUTHORS

@@ -89,6 +89,7 @@ answer newbie questions, and generally made Django that much better:
     Baishampayan Ghose
     martin.glueck@gmail.com
     Simon Greenhill <dev@simon.net.nz>
+    Owen Griffiths
     Espen Grindhaug <http://grindhaug.org/>
     Brian Harring <ferringb@gmail.com>
     Brant Harris

django/contrib/sessions/middleware.py

@@ -10,6 +10,7 @@
 class SessionWrapper(object):
     def __init__(self, session_key):
         self.session_key = session_key
+        self.accessed = False
         self.modified = False
 
     def __contains__(self, key):
@@ -46,6 +47,7 @@ def delete_test_cookie(self):
 
     def _get_session(self):
         # Lazily loads session from storage.
+        self.accessed = True
         try:
             return self._session_cache
         except AttributeError:
@@ -72,12 +74,14 @@ def process_request(self, request):
     def process_response(self, request, response):
         # If request.session was modified, or if response.session was set, save
         # those changes and set a session cookie.
-        patch_vary_headers(response, ('Cookie',))
         try:
+            accessed = request.session.accessed
             modified = request.session.modified
         except AttributeError:
             pass
         else:
+            if accessed:
+                patch_vary_headers(response, ('Cookie',))
             if modified or settings.SESSION_SAVE_EVERY_REQUEST:
                 session_key = request.session.session_key or Session.objects.get_new_session_key()
                 if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE: