#27604: Use set_signed_cookie for contrib.messages Cookie storage
-------------------------------------+-------------------------------------
     Reporter:  Anthony King         |                    Owner:  Craig
         Type:                       |  Anderson
  Cleanup/optimization               |                   Status:  assigned
    Component:  contrib.messages     |                  Version:  master
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Florian Apolloner):

 >  However, as I've never left messages in storage for more than one or
 two request-response cycles, option 1 strikes me as reasonable and much
 cleaner.

 this is true, but even "just for one request" can be an issue for large
 sites. The safest bet is option two where we keep the dual decoding for a
 whole LTS period and then drop it. Given that 2.2 is already out and we
 cannot really safely introduce any new changes there I think we should
 merge option 2 into master and remove the second codepath in 4.2. This
 would mean that people upgrading from 2.2 (LTS) -> 3.2 (LTS) -> 4.2 (LTS)
 would not have (many) issues unless they directly jump from 2.2 -> 4.2

 We'd need a proper mention in the relevant release notes.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/27604#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/067.659df346810631cd0f982d9bbc30147a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to