Merge lp:~mhall119/developer-ubuntu-com/cache-cooke-fix into lp:developer-ubuntu-com

Proposed by Michael Hall
Status: Merged
Approved by: Michael Hall
Approved revision: 115
Merged at revision: 116
Proposed branch: lp:~mhall119/developer-ubuntu-com/cache-cooke-fix
Merge into: lp:developer-ubuntu-com
Diff against target: 14 lines (+4/-0)
1 file modified
developer_portal/middleware.py (+4/-0)
To merge this branch: bzr merge lp:~mhall119/developer-ubuntu-com/cache-cooke-fix
Reviewer Review Type Date Requested Status
Nicholas Skaggs (community) Approve
Ubuntu App Developer site developers Pending
Review via email: mp+259417@code.launchpad.net

Commit message

changes the cache-friendly middleware to only strip out session cookies when the user is not logged in *and* when it's a 200 status code.

Description of the change

In order to facilitate caching in China, we strip out session cookies for not-logged-in requests. However, in situations where there is a 404, 500, or other non-success status code, the Django response does not include the logged-in user object, which would cause those logged-in users to have their session cookie removed, effectively logging them out.

This changes the cache-friendly middleware to only strip out session cookies when the user is not logged in *and* when it's a 200 status code.

Nicholas Skaggs (nskaggs) wrote :

+1, this will ensure we only change the response on non-200 status pages. Regarding other codes:

<balloons> mhall119, what about other codes.. so we be explicit instead of implicit? I'm curious about redirects for instance
<mhall119> redirects didn't seem to be a problem
<mhall119> but there's no real reason to share cached responses other than 200
<mhall119> and as far as I know, those are always guaranteed to have a user object associated with them when the user is logged in

review: Approve

Preview Diff

1=== modified file 'developer_portal/middleware.py'
2--- developer_portal/middleware.py 2014-12-19 18:34:54 +0000
3+++ developer_portal/middleware.py 2015-05-18 18:24:29 +0000
4@@ -15,6 +15,10 @@
5 def process_response(self, request, response):
6 response = super(CacheFriendlySessionMiddleware, self).process_response(request, response)
7
8+ #Don't do anything if it's a redirect, not found, or error
9+ if response.status_code != 200:
10+ return response
11+
12 #You have access to request.user in this method
13 if not hasattr(request, 'user') or not request.user.is_authenticated():
14 response.delete_cookie(settings.SESSION_COOKIE_NAME)
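
Review bot: The new `response.status_code != 200` early return at the top of process_response works around the condition below it rather than fixing it. `not hasattr(request, 'user') or not request.user.is_authenticated()` still treats a missing request.user as "not logged in" and deletes the session cookie, so any 200 response that reaches this point without a user attribute would still log that user out. Consider returning the response untouched when request has no user attribute, and deleting the cookie only when request.user exists and is_authenticated() is false; the status check can then stay purely as the caching policy. The new comment also names only redirects, not found and errors, while the test skips every non-200 status, so it should say that. The diff adds no test (1 file modified, +4/-0); a case asserting that a logged-in request with a 404 response keeps its session cookie would pin this behaviour down.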
