[Django] #24468: signed_cookies and PickleSerializer seems incompatible.


Django

Mar 10, 2015, 2:48:32 PM
to django-...@googlegroups.com
#24468: signed_cookies and PickleSerializer seems incompatible.
-----------------------------+---------------------------------------------
Reporter: Drife59 | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.7
Severity: Normal | Keywords: PickleSerializer signed_cookies
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------+---------------------------------------------
If you do the setup as follows (I know it is not recommended for
security reasons):

SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'

It basically breaks rendering of the template.

Here is the full stacktrace:

  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 170, in _get_session
    return self._session_cache
AttributeError: 'SessionStore' object has no attribute '_session_cache'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 111, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "<path>/views.py", line 266, in <your View>
    if request.user.is_authenticated():
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 224, in inner
    self._setup()
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 357, in _setup
    self._wrapped = self._setupfunc()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 22, in <lambda>
    request.user = SimpleLazyObject(lambda: get_user(request))
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 10, in get_user
    request._cached_user = auth.get_user(request)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/__init__.py", line 152, in get_user
    user_id = request.session[SESSION_KEY]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 49, in __getitem__
    return self._session[key]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 175, in _get_session
    self._session_cache = self.load()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/signed_cookies.py", line 20, in load
    salt='django.contrib.sessions.backends.signed_cookies')
  File "/usr/local/lib/python3.4/dist-packages/django/core/signing.py", line 145, in loads
    return serializer().loads(data)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/serializers.py", line 17, in loads
    return pickle.loads(data)
_pickle.UnpicklingError: invalid load key, '{'.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 170, in _get_session
    return self._session_cache
AttributeError: 'SessionStore' object has no attribute '_session_cache'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.4/wsgiref/handlers.py", line 137, in run
    self.result = application(self.environ, self.start_response)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/staticfiles/handlers.py", line 64, in __call__
    return self.application(environ, start_response)
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/wsgi.py", line 187, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 199, in get_response
    response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 236, in handle_uncaught_exception
    return debug.technical_500_response(request, *exc_info)
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 91, in technical_500_response
    html = reporter.get_traceback_html()
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 349, in get_traceback_html
    c = Context(self.get_traceback_data(), use_l10n=False)
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 307, in get_traceback_data
    frames = self.get_traceback_frames()
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 465, in get_traceback_frames
    'vars': self.filter.get_traceback_frame_variables(self.request, tb.tb_frame),
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 232, in get_traceback_frame_variables
    cleansed[name] = self.cleanse_special_types(request, value)
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 187, in cleanse_special_types
    if isinstance(value, HttpRequest):
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 224, in inner
    self._setup()
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 357, in _setup
    self._wrapped = self._setupfunc()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 22, in <lambda>
    request.user = SimpleLazyObject(lambda: get_user(request))
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 10, in get_user
    request._cached_user = auth.get_user(request)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/__init__.py", line 152, in get_user
    user_id = request.session[SESSION_KEY]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 49, in __getitem__
    return self._session[key]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 175, in _get_session
    self._session_cache = self.load()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/signed_cookies.py", line 20, in load
    salt='django.contrib.sessions.backends.signed_cookies')
  File "/usr/local/lib/python3.4/dist-packages/django/core/signing.py", line 145, in loads
    return serializer().loads(data)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/serializers.py", line 17, in loads
    return pickle.loads(data)
_pickle.UnpicklingError: invalid load key, '{'.

Of course, replace " File "<path>/views.py", line 266, in <your View>"
with your view.
I tried different views and got the same result each time.

It seems we cannot properly access the session to manage the user.

I found no workaround but to use a different serializer or session engine.

--
Ticket URL: <https://code.djangoproject.com/ticket/24468>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Mar 10, 2015, 2:49:46 PM
to django-...@googlegroups.com
#24468: signed_cookies and PickleSerializer seems incompatible.
-------------------------------------+-------------------------------------
Reporter: Drife59 | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.7
Severity: Normal | Resolution:
Keywords: PickleSerializer signed_cookies | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Drife59):

* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0


--
Ticket URL: <https://code.djangoproject.com/ticket/24468#comment:1>

Django

Mar 10, 2015, 2:50:28 PM
to django-...@googlegroups.com
#24468: signed_cookies and PickleSerializer seems incompatible.
-------------------------------------+-------------------------------------
Reporter: Drife59 | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.7
Severity: Normal | Resolution:
Keywords: PickleSerializer signed_cookies | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Drife59):

* cc: Drife59 (added)


--
Ticket URL: <https://code.djangoproject.com/ticket/24468#comment:2>

Django

Mar 11, 2015, 2:24:10 PM
to django-...@googlegroups.com
#24468: signed_cookies backend crashes when switching from JSONSerializer to PickleSerializer
-------------------------------------+-------------------------------------
Reporter: Drife59 | Owner: timgraham
Type: Cleanup/optimization | Status: assigned
Component: contrib.sessions | Version: 1.7
Severity: Normal | Resolution:
Keywords: PickleSerializer signed_cookies | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by timgraham):

* status: new => assigned
* component: Uncategorized => contrib.sessions
* owner: nobody => timgraham
* has_patch: 0 => 1
* type: Uncategorized => Cleanup/optimization
* stage: Unreviewed => Accepted


Comment:

I think you had an existing session created with the `JSONSerializer` and
are trying to load it with `PickleSerializer`. We can modify the signed
cookies backend to silently create a new session in this case. This is
similar to the behavior of other backends.

[https://github.com/django/django/pull/4299 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/24468#comment:3>
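
An added illustration of the diagnosis in the comment above (a stdlib-only model, not Django's code and not the patch in the linked PR): a cookie signed while the JSON serializer was configured still passes the signature check after the switch, so the failure surfaces in the deserializer and the loader has to treat it like a bad signature. `SECRET`, `sign`, `unsign`, `strict_load` and `resilient_load` are hypothetical names, and the cookie contents are constructed.

```python
import base64, hashlib, hmac, json, pickle

SECRET = b"constructed-demo-key"  # constructed; stands in for SECRET_KEY

class BadSignature(Exception):
    pass

class JSONSerializer:
    def dumps(self, obj):
        return json.dumps(obj, separators=(",", ":")).encode()
    def loads(self, data):
        return json.loads(data.decode())

class PickleSerializer:
    def dumps(self, obj):
        return pickle.dumps(obj, pickle.HIGHEST_PROTOCOL)
    def loads(self, data):
        # Reached only after the MAC check: pickle must never see unauthenticated bytes.
        return pickle.loads(data)

def sign(session, serializer):
    body = base64.urlsafe_b64encode(serializer.dumps(session))
    mac = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    return body + b":" + mac

def unsign(cookie):
    body, _, mac = cookie.rpartition(b":")
    expected = hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, expected):
        raise BadSignature("cookie signature mismatch")
    return base64.urlsafe_b64decode(body)

def strict_load(cookie, serializer):
    """Models the crash in the ticket: only a bad signature is anticipated."""
    try:
        return serializer.loads(unsign(cookie))
    except BadSignature:
        return {}

def resilient_load(cookie, serializer):
    """Any verification or deserialization failure yields an empty session."""
    try:
        return serializer.loads(unsign(cookie))
    except Exception:
        return {}

# Constructed sample: a session cookie issued while JSONSerializer was configured.
old_cookie = sign({"_auth_user_id": "42"}, JSONSerializer())
```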

Django

Mar 12, 2015, 8:32:08 AM
to django-...@googlegroups.com
#24468: signed_cookies backend crashes when switching from JSONSerializer to PickleSerializer
-------------------------------------+-------------------------------------
Reporter: Drife59 | Owner: timgraham
Type: Cleanup/optimization | Status: closed
Component: contrib.sessions | Version: 1.7
Severity: Normal | Resolution: fixed
Keywords: PickleSerializer signed_cookies | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"8a481498aa995b435d8c3a0c90d7d917046f59b3" 8a481498]:
{{{
#!CommitTicketReference repository=""
revision="8a481498aa995b435d8c3a0c90d7d917046f59b3"
Fixed #24468 -- Made signed cookies cache backend resilient to unpickling
exceptions.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/24468#comment:4>
