Hi Jeff, On Saturday, January 7, 2017 at 3:50:56 AM UTC+1, Jeff Willette wrote: > > What if there was an optional middleware early in the request processing > that matched cookies based on a regex in settings and then modified the > header to only include the matched cookies? >
I do not see how this would help -- you'd still have to set "Vary: Cookie" on the response as soon as you are accessing request.user. Or is the goal of this to allow Django's internal page caching stuff to ignore some cookies? That seems doable, but very very dangerous. This issue reminds me of another issue I came up with (or as Carl puts it: "…presenting the hypothetical case that exposed this bug."), namely https://code.djangoproject.com/ticket/19649 -- Basically as soon as Django accesses __any__ cookie we should set "Vary: Cookie", with all the downsides this entails. I think we finally should fix that and put a fix for it into the BaseHandler. What would be great would be an HTTP header which allowed for something ala "Cache: if-request-did-not-have-cookies" -- usually it is pointless to cache __anything__ with cookies anyways. That said, with all the analytics super cookies out there, there are not many pages without cookies anymore :( -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/91d681aa-2bf2-46b5-820c-176a04b4499e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.