#21002: Sessions: The switch from pickle to json silently mangles my session data -------------------------------------+------------------------------------- Reporter: jeroen.pulles@… | Owner: timo Type: | Status: assigned Cleanup/optimization | Version: Component: Documentation | 1.6-beta-1 Severity: Normal | Resolution: Keywords: | Triage Stage: Accepted Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 -------------------------------------+------------------------------------- Changes (by timo):
* status: new => assigned * needs_better_patch: => 0 * component: contrib.sessions => Documentation * needs_tests: => 0 * owner: nobody => timo * needs_docs: => 0 * type: Uncategorized => Cleanup/optimization * stage: Unreviewed => Accepted Comment: Thanks for the feedback. This isn't a consequence of switching from JSON to pickle (as noted in the release notes "If you upgrade and switch from pickle to JSON, sessions created before the upgrade will be lost."), but rather a limitation of the JSON serializer -- keys are always serialized as strings in JSON. I believe we should handle this by documenting the caveat that you shouldn't use integer keys (or other types) when using JSON serialization. I will clarify the docs regarding your question about `SECRET_KEY`. There's no inherent vulnerability in Django that would cause it to leak. -- Ticket URL: <https://code.djangoproject.com/ticket/21002#comment:1> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/085.f453c7618feb0f0e35da4c5feaf0a761%40djangoproject.com. For more options, visit https://groups.google.com/groups/opt_out.