Added a CACHE_MIDDLEWARE_ANONYMOUS_ONLY setting which makes the cache ignore pages served to authenticated users. Fixes #1509 (thanks, Matt).

Also added a FAQ entry about using this setting to avoid caching of the admin interface. 


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3395 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/middleware/cache.py

@@ -10,6 +10,11 @@ class CacheMiddleware(object):
 
     Only parameter-less GET or HEAD-requests with status code 200 are cached.
 
+    If CACHE_MIDDLEWARE_ANONYMOUS_ONLY is set to True, only anonymous requests
+    (i.e. those node made by a logged in user) will be cached. This is a
+    simple and effective way of avoiding the caching of the Django admin (and
+    any other user-specific content).
+
     This middleware expects that a HEAD request is answered with a response
     exactly like the corresponding GET request.
 
@@ -23,13 +28,17 @@ class CacheMiddleware(object):
     This middleware also sets ETag, Last-Modified, Expires and Cache-Control
     headers on the response object.
     """
-    def __init__(self, cache_timeout=None, key_prefix=None):
+    def __init__(self, cache_timeout=None, key_prefix=None, cache_anonymous_only=None):
         self.cache_timeout = cache_timeout
         if cache_timeout is None:
             self.cache_timeout = settings.CACHE_MIDDLEWARE_SECONDS
         self.key_prefix = key_prefix
         if key_prefix is None:
             self.key_prefix = settings.CACHE_MIDDLEWARE_KEY_PREFIX
+        if cache_anonymous is None:
+            self.cache_anonymous_only = settings.get('CACHE_MIDDLEWARE_ANONYMOUS_ONLY', False)
+        else:
+            self.cache_anonymous_only = cache_anonymous_only
 
     def process_request(self, request):
         "Checks whether the page is already cached and returns the cached version if available."
@@ -37,6 +46,10 @@ class CacheMiddleware(object):
             request._cache_update_cache = False
             return None # Don't bother checking the cache.
 
+        if self.cache_anonymous_only and request.user.is_authenticated():
+            request._cache_update_cache = False
+            return None # Don't cache requests from authenticated users.
+
         cache_key = get_cache_key(request, self.key_prefix)
         if cache_key is None:
             request._cache_update_cache = True

docs/cache.txt

@@ -230,7 +230,12 @@ Then, add the following required settings to your Django settings file:
   collisions. Use an empty string if you don't care.
 
 The cache middleware caches every page that doesn't have GET or POST
-parameters. Additionally, ``CacheMiddleware`` automatically sets a few headers
+parameters. Optionally, If the ``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting is
+``True``, only anonymous requests (i.e. those node made by a logged in user)
+will be cached. This is a simple and effective way of disabling caching on any
+user-specific content ( include Django's admin interface).
+
+Additionally, ``CacheMiddleware`` automatically sets a few headers
 in each ``HttpResponse``:
 
 * Sets the ``Last-Modified`` header to the current date/time when a fresh

docs/faq.txt

@@ -535,6 +535,14 @@ If you're sure your username and password are correct, make sure your user
 account has ``is_active`` and ``is_staff`` set to True. The admin site only
 allows access to users with those two fields both set to True.
 
+How can I prevent the cache middleware from caching the admin site?
+-------------------------------------------------------------------
+
+Set the ``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting to ``True``. See the
+`cache documentation`_ for more information.
+
+.. _cache documentation: ../cache/#the-per-site-cache
+
 How do I automatically set a field's value to the user who last edited the object in the admin?
 -----------------------------------------------------------------------------------------------