#15201: CACHE_MIDDLEWARE_ANONYMOUS_ONLY is ugly, misleading, and unnecessary,
and
should be deprecated
--------------------------------------+------------------------------------
Reporter: carljm | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Core (Cache system) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by aaugustin):
I hit this bug too. I only noticed because I have some randomized content
and it changed on every refresh instead of staying cached for some time.
In my case, the problem wasn't reproducible outside of the browser (eg.
with unit tests or with curl). The culprit was Google Analytics. It sets
`__utcma`, `__utcmb`, `__utcmc` and `__utcmz` cookies. Since Django's
cache engine honors `Vary: Cookie`, and my templates hide some parts for
anonymous users, this results in per-user cache instead of global cache.
This is a variant of point 2) in the report above.
I'm not familiar with tracking technology, but I believe cookies is the
most straightforward and compatible implementation. I expect this problem
to occur on any website that uses Google Analytics or a similar service.
In other words, `CACHE_MIDDLEWARE_ANONYMOUS_ONLY` most certainly
malfunctions silently for every non-trivial website, ''even if its
behavior is checked by unit tests''!
----
The feature we want here is "cache content for anonymous users, regardless
of Vary: Cookie". Obviously, it clashes with the current APIs, because it
means triggering HTTP-level caching based on application-level
information. And it works only under the assumption that, when a user is
anonymous, cookies aren't used for anything that affects the output
(besides determining that the user is anonymous).
This assumption cannot be checked automatically. It's something the
developer declares by turning `CACHE_MIDDLEWARE_ANONYMOUS_ONLY` on. For
instance, `{% if user.is_authenticated %}Welcome, {{ user }}!{% endif %}`
is enough to turn "Vary: Cookie" on, but the developer knows that it
results in the same output for all anonymous users. Often this holds true
for an entire site, and that's why `CACHE_MIDDLEWARE_ANONYMOUS_ONLY`
exists.
----
To sum up, the expected behavior is "ignore Vary: Cookie when caching
pages for anonymous users" (both for update and fetch).
I think that's a useful behavior, more useful that "cache pages that don't
have Vary: Cookie", because it's almost impossible not to have Vary:
Cookie.
If it cannot be implemented satisfactorily, then we should deprecate
`CACHE_MIDDLEWARE_ANONYMOUS_ONLY`.
----
Naive idea that I haven't tested:
- if the setting is on, the user is anonymous, and the Vary header
contains "Cookie"
- then remove "Cookie" from Vary, do the caching operations, and restore
"Cookie" in Vary.
--
Ticket URL: <https://code.djangoproject.com/ticket/15201#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
