Fixed #15201: Marked CACHE_MIDDLEWARE_ANONYMOUS_ONLY as deprecated

  of the response's "Cache-Control" header, falling back to the

  CACHE_MIDDLEWARE_SECONDS setting if the section was not found.

* If CACHE_MIDDLEWARE_ANONYMOUS_ONLY is set to True, only anonymous requests

  (i.e., those not made by a logged-in user) will be cached. This is a simple

  and effective way of avoiding the caching of the Django admin (and any other

  user-specific content).

* This middleware expects that a HEAD request is answered with the same response

  headers exactly like the corresponding GET request.

"""

import warnings

from django.conf import settings

from django.core.cache import get_cache, DEFAULT_CACHE_ALIAS

from django.utils.cache import get_cache_key, learn_cache_key, patch_response_headers, get_max_age

        else:

            self.cache_anonymous_only = cache_anonymous_only

        if self.cache_anonymous_only:

            msg = "CACHE_MIDDLEWARE_ANONYMOUS_ONLY has been deprecated and will be removed in Django 1.8."

            warnings.warn(msg, PendingDeprecationWarning, stacklevel=1)

        self.cache = get_cache(self.cache_alias, **cache_kwargs)

        self.cache_timeout = self.cache.default_timeout

:attr:`~django.contrib.auth.models.User.is_staff` set to True. The admin site

only allows access to users with those two fields both set to True.

How can I prevent the cache middleware from caching the admin site?

-------------------------------------------------------------------

Set the :setting:`CACHE_MIDDLEWARE_ANONYMOUS_ONLY` setting to ``True``. See the

:doc:`cache documentation </topics/cache>` for more information.

How do I automatically set a field's value to the user who last edited the object in the admin?

-----------------------------------------------------------------------------------------------

  ``django.test.testcases.OutputChecker`` will be removed. Instead use the

  doctest module from the Python standard library.

* The ``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting will be removed.

2.0

---

Default: ``False``

.. deprecated:: 1.6

    This setting was largely ineffective because of using cookies for sessions

    and CSRF. See the :doc:`Django 1.6 release notes</releases/1.6>` for more

    information.

If the value of this setting is ``True``, only anonymous requests (i.e., not

those made by a logged-in user) will be cached.  Otherwise, the middleware

caches every page that doesn't have GET or POST parameters.

If you set the value of this setting to ``True``, you should make sure you've

activated ``AuthenticationMiddleware``.

See :doc:`/topics/cache`.

.. setting:: CACHE_MIDDLEWARE_KEY_PREFIX

CACHE_MIDDLEWARE_KEY_PREFIX

:func:`~django.utils.safestring.mark_safe` or :ttag:`{% autoescape off %}

<autoescape>`.

``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

``CacheMiddleware`` used to provide a way to cache requests only if they

weren't made by a logged-in user. This mechanism was largely ineffective

because the middleware correctly takes into account the ``Vary: Cookie`` HTTP

header, and this header is being set on a variety of occasions, such as:

* accessing the session, or

* using CSRF protection, which is turned on by default, or

* using a client-side library which sets cookies, like `Google Analytics`__.

This makes the cache effectively work on a per-session basis regardless of the

``CACHE_MIDDLEWARE_ANONYMOUS_ONLY`` setting.

__ http://www.google.com/analytics/

``SEND_BROKEN_LINK_EMAILS`` setting

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~