#21002: Sessions: The switch from pickle to json silently mangles my session data
-------------------------------------+-------------------------------------
     Reporter:  jeroen.pulles@…      |                    Owner:  timo
         Type:  Cleanup/optimization |                   Status:  assigned
    Component:  Documentation        |                  Version:  1.6-beta-1
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Accepted
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by timo):

 * status:  new => assigned
 * needs_better_patch:   => 0
 * component:  contrib.sessions => Documentation
 * needs_tests:   => 0
 * owner:  nobody => timo
 * needs_docs:   => 0
 * type:  Uncategorized => Cleanup/optimization
 * stage:  Unreviewed => Accepted


Comment:

 Thanks for the feedback. This isn't a consequence of switching from JSON
 to pickle (as noted in the release notes "If you upgrade and switch from
 pickle to JSON, sessions created before the upgrade will be lost."), but
 rather a limitation of the JSON serializer -- keys are always serialized
 as strings in JSON. I believe we should handle this by documenting the
 caveat that you shouldn't use integer keys (or other types) when using
 JSON serialization.

 I will clarify the docs regarding your question about `SECRET_KEY`.
 There's no inherent vulnerability in Django that would cause it to leak.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/21002#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
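
The key limitation described in the comment above, as an added example that is not part of the ticket or of Django's code: it round-trips a session-like dict through pickle and through JSON and lists the keys JSON would turn into strings. It assumes the standard-library `pickle` and `json` modules as stand-ins for the two session serializers; the sample data and the function names are constructed for illustration.

```python
import json
import pickle

# Constructed sample session data (not from the ticket): integer keys at two levels.
SAMPLE_SESSION = {"cart": {1: "book", 2: "pen"}, 42: "answer", "user": "alice"}


def pickle_roundtrip(data):
    """Serialize and restore with pickle; key types are preserved."""
    return pickle.loads(pickle.dumps(data))


def json_roundtrip(data):
    """Serialize and restore with JSON; every dict key comes back as a string."""
    return json.loads(json.dumps(data))


def non_string_keys(data, path=()):
    """Return (path, key) pairs for every dict key that JSON would stringify.

    `path` is the tuple of keys/indexes leading to the dict that holds the key.
    """
    found = []
    if isinstance(data, dict):
        for key, value in data.items():
            if not isinstance(key, str):
                found.append((path, key))
            found.extend(non_string_keys(value, path + (key,)))
    elif isinstance(data, (list, tuple)):
        for index, item in enumerate(data):
            found.extend(non_string_keys(item, path + (index,)))
    return found


if __name__ == "__main__":
    restored = json_roundtrip(SAMPLE_SESSION)
    print("pickle keeps keys:", pickle_roundtrip(SAMPLE_SESSION) == SAMPLE_SESSION)
    print("json keeps keys:  ", restored == SAMPLE_SESSION)
    print("lookup by int key after JSON:", restored["cart"].get(1))
    for where, key in non_string_keys(SAMPLE_SESSION):
        print("non-string key", repr(key), "under path", where)
```

Running `non_string_keys` over session data before switching serializers shows which lookups would start missing after the switch.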
