summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2014-12-03 07:33:44 -0500
committerTim Graham <timograham@gmail.com>2014-12-03 13:42:02 -0500
commit99c0cc5300be21bd067aa9903b567ce64258942f (patch)
tree4af40485df6fb48626fb49c98676d849aa6c4f64 /docs
parente9975ed3cd3243d78b89fe2b44a152263ba5a602 (diff)
[1.7.x] Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware.
Thanks andrewbadr for the report and Carl Meyer for the review. Backport of b06dfad88fb12a927c86a1eb23064201c9560fb1 from master
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.7.2.txt4
-rw-r--r--docs/releases/1.7.txt4
2 files changed, 6 insertions, 2 deletions
diff --git a/docs/releases/1.7.2.txt b/docs/releases/1.7.2.txt
index a537207924..771e353818 100644
--- a/docs/releases/1.7.2.txt
+++ b/docs/releases/1.7.2.txt
@@ -104,3 +104,7 @@ Bugfixes
* Fixed serialization of ``type`` when adding a ``deconstruct()`` method
(:ticket:`23950`).
+
+* Prevented the
+ :class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` from
+ setting a ``"Vary: Cookie"`` header on all responses.
diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt
index 553e1028d3..04ca4393d7 100644
--- a/docs/releases/1.7.txt
+++ b/docs/releases/1.7.txt
@@ -1461,8 +1461,8 @@ Miscellaneous
* With the addition of the
:class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` to
- the default project template, a database must be created before accessing
- a page using :djadmin:`runserver`.
+ the default project template (pre-1.7.2 only), a database must be created
+ before accessing a page using :djadmin:`runserver`.
.. _deprecated-features-1.7: