the specific case I am talking about deals with google analytics cookies, which are different for every user and sent with the request. When accessing request.user, I really only care about sessionid and csrftoken, if present. So sending a vary by cookie header back will cause all the unauthed/unsessioned users to miss the cache because of the GA cookies.
Since I have no use for these cookies in my code, and they are only used for external requests to GA, eliminating them somewhere (earlier the better) should improve cache hits, right? On Saturday, January 7, 2017 at 8:25:10 PM UTC+9, Florian Apolloner wrote: > > Hi Jeff, > > On Saturday, January 7, 2017 at 3:50:56 AM UTC+1, Jeff Willette wrote: >> >> What if there was an optional middleware early in the request processing >> that matched cookies based on a regex in settings and then modified the >> header to only include the matched cookies? >> > > I do not see how this would help -- you'd still have to set "Vary: Cookie" > on the response as soon as you are accessing request.user. Or is the goal > of this to allow Django's internal page caching stuff to ignore some > cookies? That seems doable, but very very dangerous. > > This issue reminds me of another issue I came up with (or as Carl puts it: > "…presenting the hypothetical case that exposed this bug."), namely > https://code.djangoproject.com/ticket/19649 -- Basically as soon as > Django accesses __any__ cookie we should set "Vary: Cookie", with all the > downsides this entails. I think we finally should fix that and put a fix > for it into the BaseHandler. > > What would be great would be an HTTP header which allowed for something > ala "Cache: if-request-did-not-have-cookies" -- usually it is pointless to > cache __anything__ with cookies anyways. That said, with all the analytics > super cookies out there, there are not many pages without cookies anymore :( > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/7d443c5e-5f70-421f-a44c-82dd6d71e477%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
