On Tue, Sep 25, 2018 at 10:09 AM Mike Orr <sluggos...@gmail.com> wrote:
> On Mon, Sep 24, 2018 at 3:21 PM Michael Merickel <mmeri...@gmail.com> > wrote: > > We'd deprecate it in 1.10 and remove it in 2.0 as we're planning to do > with pickle-based sessions [2]. > > Why are pickle-based sessions being removed? I switched my serializers > to JSON but later switched them back because it was useful to have the > ability to cache non-JSONable objects in sessions. > You can read the security concerns in the pull request I linked. You're welcome to keep using pickle sessions (they support everything JSON supports), but Pyramid will be moving to only requiring JSON. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAKdhhwG_bKb%2B_pZKdAd%2B-fu4NiFYcH7qxOEpDO1vQvr4YCr_Zg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.