summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2014-12-03 07:33:44 -0500
committerTim Graham <timograham@gmail.com>2014-12-03 13:11:47 -0500
commitb06dfad88fb12a927c86a1eb23064201c9560fb1 (patch)
treeea5072ac5d2b4028f1957654d8df8eccea521773 /docs
parent26dd518b5c0c6f4a7678bfb7bd3ed0bf8dc8978e (diff)
Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware.
Thanks andrewbadr for the report and Carl Meyer for the review.
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.7.2.txt4
-rw-r--r--docs/releases/1.7.txt4
2 files changed, 6 insertions, 2 deletions
diff --git a/docs/releases/1.7.2.txt b/docs/releases/1.7.2.txt
index a537207924..771e353818 100644
--- a/docs/releases/1.7.2.txt
+++ b/docs/releases/1.7.2.txt
@@ -104,3 +104,7 @@ Bugfixes
* Fixed serialization of ``type`` when adding a ``deconstruct()`` method
(:ticket:`23950`).
+
+* Prevented the
+ :class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` from
+ setting a ``"Vary: Cookie"`` header on all responses.
diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt
index e14fd8bc48..c6b31074ad 100644
--- a/docs/releases/1.7.txt
+++ b/docs/releases/1.7.txt
@@ -1461,8 +1461,8 @@ Miscellaneous
* With the addition of the
:class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` to
- the default project template, a database must be created before accessing
- a page using :djadmin:`runserver`.
+ the default project template (pre-1.7.2 only), a database must be created
+ before accessing a page using :djadmin:`runserver`.
.. _deprecated-features-1.7: