1
0
mirror of https://github.com/django/django.git synced 2024-12-22 09:05:43 +00:00

Fixed #29471 -- Added 'Vary: Cookie' to invalid/empty session cookie responses.

This commit is contained in:
birthdaysgift 2019-03-18 18:15:06 +03:00 committed by Tim Graham
parent d64808cacd
commit dc740dde50
3 changed files with 5 additions and 0 deletions

View File

@ -45,6 +45,7 @@ answer newbie questions, and generally made Django that much better:
Alex Ogier <alex.ogier@gmail.com>
Alex Robbins <alexander.j.robbins@gmail.com>
Alexey Boriskin <alex@boriskin.me>
Alexey Tsivunin <most-208@yandex.ru>
Aljosa Mohorovic <aljosa.mohorovic@gmail.com>
Amit Chakradeo <https://amit.chakradeo.net/>
Amit Ramon <amit.ramon@gmail.com>

View File

@ -40,6 +40,7 @@ class SessionMiddleware(MiddlewareMixin):
path=settings.SESSION_COOKIE_PATH,
domain=settings.SESSION_COOKIE_DOMAIN,
)
patch_vary_headers(response, ('Cookie',))
else:
if accessed:
patch_vary_headers(response, ('Cookie',))

View File

@ -748,6 +748,9 @@ class SessionMiddlewareTests(TestCase):
),
str(response.cookies[settings.SESSION_COOKIE_NAME])
)
# SessionMiddleware sets 'Vary: Cookie' to prevent the 'Set-Cookie'
# from being cached.
self.assertEqual(response['Vary'], 'Cookie')
@override_settings(SESSION_COOKIE_DOMAIN='.example.local', SESSION_COOKIE_PATH='/example/')
def test_session_delete_on_end_with_custom_domain_and_path(self):