diff -r b758351d191f -r cc9b7e14412b web/lib/django/contrib/auth/context_processors.py
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/web/lib/django/contrib/auth/context_processors.py	Tue May 25 02:43:45 2010 +0200
@@ -0,0 +1,33 @@
+from django.core.context_processors import PermWrapper
+from django.utils.functional import lazy, memoize, SimpleLazyObject
+from django.contrib import messages
+
+def auth(request):
+    """
+    Returns context variables required by apps that use Django's authentication
+    system.
+
+    If there is no 'user' attribute in the request, uses AnonymousUser (from
+    django.contrib.auth).
+    """
+    # If we access request.user, request.session is accessed, which results in
+    # 'Vary: Cookie' being sent in every request that uses this context
+    # processor, which can easily be every request on a site if
+    # TEMPLATE_CONTEXT_PROCESSORS has this context processor added.  This kills
+    # the ability to cache.  So, we carefully ensure these attributes are lazy.
+    # We don't use django.utils.functional.lazy() for User, because that
+    # requires knowing the class of the object we want to proxy, which could
+    # break with custom auth backends.  LazyObject is a less complete but more
+    # flexible solution that is a good enough wrapper for 'User'.
+    def get_user():
+        if hasattr(request, 'user'):
+            return request.user
+        else:
+            from django.contrib.auth.models import AnonymousUser
+            return AnonymousUser()
+
+    return {
+        'user': SimpleLazyObject(get_user),
+        'messages': messages.get_messages(request),
+        'perms':  lazy(lambda: PermWrapper(get_user()), PermWrapper)(),
+    }