Site wide caching with Django - problems with password protected pages on logout

I've recently implemented sitewide caching using memcached on my Django application, I've set the TTL to about 500 seconds, and implement per view caches on other parts of the web application.

The problem I have is that when a user logs out, because it's a form post the site behaves as expected, however if they then go to a password protected part of the site, the application behaves as if they have still logged in, unless they hi开发者_如何转开发t "refresh". I'm new to caching, and wondering if I can do anything smart to prevent this?

I ran into similar issues. The standard Django way is to disable cache for authenticated users.

#settings.py
CACHE_MIDDLEWARE_ANONYMOUS_ONLY=True

It works fine if different users see different pages (example: their user name on them) and you can't have one version for them.

But if there are only 2 versions of page: for authenticated users and for others then it is not good to completely disable cache for authenticated users. I wrote an app that, besides all, make it possible to fine-tune cache in this case.

Update.

BTW: you mentioned that when you click 'refresh' correct version of page is received. It means that problem is client-side cache (Expires header or E-tag), not the server cache.

To prevent client-side caching (you have to do that if you have several versions of page under the same URL) use @cache_control(must_revalidate=True) decorator.

In the view of a password protected part of the site, do you check whether the user is registered or anonymous before fetching the data (and perhaps bringing data from cache)?

You should. Django helps you, with a login required decorator you can place on the view. Take a look at this: http://docs.djangoproject.com/en/dev/topics/auth/#the-login-required-decorator