Fixed #29471 -- Added 'Vary: Cookie' to invalid/empty session cookie responses.

This commit is contained in:
birthdaysgift 2019-03-18 18:15:06 +03:00 committed by Tim Graham
parent d64808cacd
commit dc740dde50
3 changed files with 5 additions and 0 deletions

View File

@ -45,6 +45,7 @@ answer newbie questions, and generally made Django that much better:
Alex Ogier <alex.ogier@gmail.com> Alex Ogier <alex.ogier@gmail.com>
Alex Robbins <alexander.j.robbins@gmail.com> Alex Robbins <alexander.j.robbins@gmail.com>
Alexey Boriskin <alex@boriskin.me> Alexey Boriskin <alex@boriskin.me>
Alexey Tsivunin <most-208@yandex.ru>
Aljosa Mohorovic <aljosa.mohorovic@gmail.com> Aljosa Mohorovic <aljosa.mohorovic@gmail.com>
Amit Chakradeo <https://amit.chakradeo.net/> Amit Chakradeo <https://amit.chakradeo.net/>
Amit Ramon <amit.ramon@gmail.com> Amit Ramon <amit.ramon@gmail.com>

View File

@ -40,6 +40,7 @@ class SessionMiddleware(MiddlewareMixin):
path=settings.SESSION_COOKIE_PATH, path=settings.SESSION_COOKIE_PATH,
domain=settings.SESSION_COOKIE_DOMAIN, domain=settings.SESSION_COOKIE_DOMAIN,
) )
patch_vary_headers(response, ('Cookie',))
else: else:
if accessed: if accessed:
patch_vary_headers(response, ('Cookie',)) patch_vary_headers(response, ('Cookie',))

View File

@ -748,6 +748,9 @@ class SessionMiddlewareTests(TestCase):
), ),
str(response.cookies[settings.SESSION_COOKIE_NAME]) str(response.cookies[settings.SESSION_COOKIE_NAME])
) )
# SessionMiddleware sets 'Vary: Cookie' to prevent the 'Set-Cookie'
# from being cached.
self.assertEqual(response['Vary'], 'Cookie')
@override_settings(SESSION_COOKIE_DOMAIN='.example.local', SESSION_COOKIE_PATH='/example/') @override_settings(SESSION_COOKIE_DOMAIN='.example.local', SESSION_COOKIE_PATH='/example/')
def test_session_delete_on_end_with_custom_domain_and_path(self): def test_session_delete_on_end_with_custom_domain_and_path(self):