diff options
| author | Tim Graham <timograham@gmail.com> | 2014-12-03 07:33:44 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2014-12-03 13:42:02 -0500 |
| commit | 99c0cc5300be21bd067aa9903b567ce64258942f (patch) | |
| tree | 4af40485df6fb48626fb49c98676d849aa6c4f64 /docs | |
| parent | e9975ed3cd3243d78b89fe2b44a152263ba5a602 (diff) | |
[1.7.x] Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware.
Thanks andrewbadr for the report and Carl Meyer for the review.
Backport of b06dfad88fb12a927c86a1eb23064201c9560fb1 from master
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/releases/1.7.2.txt | 4 | ||||
| -rw-r--r-- | docs/releases/1.7.txt | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/docs/releases/1.7.2.txt b/docs/releases/1.7.2.txt index a537207924..771e353818 100644 --- a/docs/releases/1.7.2.txt +++ b/docs/releases/1.7.2.txt @@ -104,3 +104,7 @@ Bugfixes * Fixed serialization of ``type`` when adding a ``deconstruct()`` method (:ticket:`23950`). + +* Prevented the + :class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` from + setting a ``"Vary: Cookie"`` header on all responses. diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt index 553e1028d3..04ca4393d7 100644 --- a/docs/releases/1.7.txt +++ b/docs/releases/1.7.txt @@ -1461,8 +1461,8 @@ Miscellaneous * With the addition of the :class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` to - the default project template, a database must be created before accessing - a page using :djadmin:`runserver`. + the default project template (pre-1.7.2 only), a database must be created + before accessing a page using :djadmin:`runserver`. .. _deprecated-features-1.7: |
