From 99c0cc5300be21bd067aa9903b567ce64258942f Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Wed, 3 Dec 2014 07:33:44 -0500 Subject: [1.7.x] Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. Backport of b06dfad88fb12a927c86a1eb23064201c9560fb1 from master --- docs/releases/1.7.2.txt | 4 ++++ docs/releases/1.7.txt | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/releases/1.7.2.txt b/docs/releases/1.7.2.txt index a537207924..771e353818 100644 --- a/docs/releases/1.7.2.txt +++ b/docs/releases/1.7.2.txt @@ -104,3 +104,7 @@ Bugfixes * Fixed serialization of ``type`` when adding a ``deconstruct()`` method (:ticket:`23950`). + +* Prevented the + :class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` from + setting a ``"Vary: Cookie"`` header on all responses. diff --git a/docs/releases/1.7.txt b/docs/releases/1.7.txt index 553e1028d3..04ca4393d7 100644 --- a/docs/releases/1.7.txt +++ b/docs/releases/1.7.txt @@ -1461,8 +1461,8 @@ Miscellaneous * With the addition of the :class:`~django.contrib.auth.middleware.SessionAuthenticationMiddleware` to - the default project template, a database must be created before accessing - a page using :djadmin:`runserver`. + the default project template (pre-1.7.2 only), a database must be created + before accessing a page using :djadmin:`runserver`. .. _deprecated-features-1.7: -- cgit v1.3