Fixed #15201: Marked CACHE_MIDDLEWARE_ANONYMOUS_ONLY as deprecated

2025-11-07 07:15:35 +00:00 · 2013-05-18 16:10:14 +02:00
parent 398841d6d3
commit bd97f7d0cb
7 changed files with 39 additions and 25 deletions
--- a/docs/releases/1.6.txt
+++ b/docs/releases/1.6.txt
@@ -569,6 +569,23 @@ If necessary, you can temporarily disable auto-escaping with
 :func:`~django.utils.safestring.mark_safe` or :ttag:`{% autoescape off %}
 <autoescape>`.

+``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+``CacheMiddleware`` used to provide a way to cache requests only if they
+weren't made by a logged-in user. This mechanism was largely ineffective
+because the middleware correctly takes into account the ``Vary: Cookie`` HTTP
+header, and this header is being set on a variety of occasions, such as:
+
+* accessing the session, or
+* using CSRF protection, which is turned on by default, or
+* using a client-side library which sets cookies, like `Google Analytics`__.
+
+This makes the cache effectively work on a per-session basis regardless of the
+``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting.
+
+__ http://www.google.com/analytics/
+
 ``SEND_BROKEN_LINK_EMAILS`` setting
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~