#27604: Use set_signed_cookie for contrib.messages Cookie storage
-------------------------------------+-------------------------------------
Reporter: Anthony King | Owner: Craig
Type: | Anderson
Cleanup/optimization | Status: assigned
Component: contrib.messages | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Florian Apolloner):
> However, as I've never left messages in storage for more than one or
two request-response cycles, option 1 strikes me as reasonable and much
cleaner.
this is true, but even "just for one request" can be an issue for large
sites. The safest bet is option two where we keep the dual decoding for a
whole LTS period and then drop it. Given that 2.2 is already out and we
cannot really safely introduce any new changes there I think we should
merge option 2 into master and remove the second codepath in 4.2. This
would mean that people upgrading from 2.2 (LTS) -> 3.2 (LTS) -> 4.2 (LTS)
would not have (many) issues unless they directly jump from 2.2 -> 4.2
We'd need a proper mention in the relevant release notes.
--
Ticket URL: <https://code.djangoproject.com/ticket/27604#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/067.659df346810631cd0f982d9bbc30147a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
