re-ordered middlkeware

1 files changed, 8 insertions, 9 deletions

diff --git a/settings.py b/settings.py
index 83ce1b3..2c843be 100644
--- a/settings.py
+++ b/settings.py
@@ -115,15 +115,14 @@ INSTALLED_APPS = (
 )
 
 MIDDLEWARE_CLASSES = (
-    'django.middleware.security.SecurityMiddleware',
-    'django.middleware.common.CommonMiddleware',
-    'django.contrib.sessions.middleware.SessionMiddleware',
-    'django.contrib.auth.middleware.AuthenticationMiddleware',
-    'django.middleware.csrf.CsrfViewMiddleware',
-    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
-    'django.contrib.messages.middleware.MessageMiddleware',
-    'django.middleware.clickjacking.XFrameOptionsMiddleware',
-    'troggle.middleware.SmartAppendSlashMiddleware'
+    'django.middleware.security.SecurityMiddleware', # SECURE_SSL_REDIRECT and SECURE_SSL_HOST
+    'django.contrib.sessions.middleware.SessionMiddleware', # Manages sessions across requests
+    'django.middleware.common.CommonMiddleware', # DISALLOWED_USER_AGENTS, APPEND_SLASH and PREPEND_WWW
+    'django.middleware.csrf.CsrfViewMiddleware', # Cross Site Request Forgeries by adding hidden form fields to POST
+    'django.contrib.auth.middleware.AuthenticationMiddleware',  # Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest
+    'django.contrib.messages.middleware.MessageMiddleware', # Cookie-based and session-based message support
+    'django.middleware.clickjacking.XFrameOptionsMiddleware', # lickjacking protection via the X-Frame-Options header
+    'troggle.middleware.SmartAppendSlashMiddleware' # Outdated & unneeded?
 )
 
 ROOT_URLCONF = 'troggle.urls'