#27686: calls to request.user.is_authenticated returns vary by cookie header for
all users
     Reporter:  Jeff Willette        |                    Owner:  Jeff
                                     |  Willette
         Type:  Bug                  |                   Status:  closed
    Component:  contrib.sessions     |                  Version:  1.10
     Severity:  Normal               |               Resolution:  invalid
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
Changes (by Carlton Gibson):

 * status:  new => closed
 * resolution:   => invalid


 Hi David.

 As I read the discussion, the issue is that the `is_authenticated()` check
 could return `True`, i.e. if there's any point in checking it at all, then
 we really **should** set the `Vary` header.
 (Hence the ticket being closed as invalid.)

 This is independent of whether there's a way we could detect this without
 triggering it being set, which would be to introduce a regression on this

 Please see the
 tickets/ Triage Flow guidelines] and
 TicketClosingReasons/DontReopenTickets — if there's doubt about a
 resolution, much better that it's addressed on the DevelopersMailingList
 where it can be properly discussed. Thanks.

Ticket URL: <https://code.djangoproject.com/ticket/27686#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to