diff options
| -rw-r--r-- | AUTHORS | 1 | ||||
| -rw-r--r-- | django/contrib/sessions/middleware.py | 1 | ||||
| -rw-r--r-- | tests/sessions_tests/tests.py | 3 |
3 files changed, 5 insertions, 0 deletions
@@ -45,6 +45,7 @@ answer newbie questions, and generally made Django that much better: Alex Ogier <alex.ogier@gmail.com> Alex Robbins <alexander.j.robbins@gmail.com> Alexey Boriskin <alex@boriskin.me> + Alexey Tsivunin <most-208@yandex.ru> Aljosa Mohorovic <aljosa.mohorovic@gmail.com> Amit Chakradeo <https://amit.chakradeo.net/> Amit Ramon <amit.ramon@gmail.com> diff --git a/django/contrib/sessions/middleware.py b/django/contrib/sessions/middleware.py index 6795354cc5..6e59390981 100644 --- a/django/contrib/sessions/middleware.py +++ b/django/contrib/sessions/middleware.py @@ -40,6 +40,7 @@ class SessionMiddleware(MiddlewareMixin): path=settings.SESSION_COOKIE_PATH, domain=settings.SESSION_COOKIE_DOMAIN, ) + patch_vary_headers(response, ('Cookie',)) else: if accessed: patch_vary_headers(response, ('Cookie',)) diff --git a/tests/sessions_tests/tests.py b/tests/sessions_tests/tests.py index 0e8cb79fd5..e9896dc18a 100644 --- a/tests/sessions_tests/tests.py +++ b/tests/sessions_tests/tests.py @@ -748,6 +748,9 @@ class SessionMiddlewareTests(TestCase): ), str(response.cookies[settings.SESSION_COOKIE_NAME]) ) + # SessionMiddleware sets 'Vary: Cookie' to prevent the 'Set-Cookie' + # from being cached. + self.assertEqual(response['Vary'], 'Cookie') @override_settings(SESSION_COOKIE_DOMAIN='.example.local', SESSION_COOKIE_PATH='/example/') def test_session_delete_on_end_with_custom_domain_and_path(self): |
