Opened 10 years ago
Closed 10 years ago
#24468 closed Cleanup/optimization (fixed)
signed_cookies backend crashes when switching from JSONSerializer to PickleSerializer
Reported by: | Drife59 | Owned by: | Tim Graham |
---|---|---|---|
Component: | contrib.sessions | Version: | 1.7 |
Severity: | Normal | Keywords: | PickleSerializer signed_cookies |
Cc: | Drife59 | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
If you do the setup as follows (I know it is not recommended for security reasons):
SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
It basically breaks rendering of the template.
Here is the full stacktrace:
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 170, in _get_session
    return self._session_cache
AttributeError: 'SessionStore' object has no attribute '_session_cache'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 111, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "<path>/views.py", line 266, in <your View>
    if request.user.is_authenticated():
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 224, in inner
    self._setup()
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 357, in _setup
    self._wrapped = self._setupfunc()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 22, in <lambda>
    request.user = SimpleLazyObject(lambda: get_user(request))
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 10, in get_user
    request._cached_user = auth.get_user(request)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/__init__.py", line 152, in get_user
    user_id = request.session[SESSION_KEY]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 49, in __getitem__
    return self._session[key]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 175, in _get_session
    self._session_cache = self.load()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/signed_cookies.py", line 20, in load
    salt='django.contrib.sessions.backends.signed_cookies')
  File "/usr/local/lib/python3.4/dist-packages/django/core/signing.py", line 145, in loads
    return serializer().loads(data)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/serializers.py", line 17, in loads
    return pickle.loads(data)
_pickle.UnpicklingError: invalid load key, '{'.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 170, in _get_session
    return self._session_cache
AttributeError: 'SessionStore' object has no attribute '_session_cache'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.4/wsgiref/handlers.py", line 137, in run
    self.result = application(self.environ, self.start_response)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/staticfiles/handlers.py", line 64, in __call__
    return self.application(environ, start_response)
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/wsgi.py", line 187, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 199, in get_response
    response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 236, in handle_uncaught_exception
    return debug.technical_500_response(request, *exc_info)
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 91, in technical_500_response
    html = reporter.get_traceback_html()
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 349, in get_traceback_html
    c = Context(self.get_traceback_data(), use_l10n=False)
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 307, in get_traceback_data
    frames = self.get_traceback_frames()
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 465, in get_traceback_frames
    'vars': self.filter.get_traceback_frame_variables(self.request, tb.tb_frame),
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 232, in get_traceback_frame_variables
    cleansed[name] = self.cleanse_special_types(request, value)
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 187, in cleanse_special_types
    if isinstance(value, HttpRequest):
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 224, in inner
    self._setup()
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 357, in _setup
    self._wrapped = self._setupfunc()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 22, in <lambda>
    request.user = SimpleLazyObject(lambda: get_user(request))
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 10, in get_user
    request._cached_user = auth.get_user(request)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/__init__.py", line 152, in get_user
    user_id = request.session[SESSION_KEY]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 49, in __getitem__
    return self._session[key]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 175, in _get_session
    self._session_cache = self.load()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/signed_cookies.py", line 20, in load
    salt='django.contrib.sessions.backends.signed_cookies')
  File "/usr/local/lib/python3.4/dist-packages/django/core/signing.py", line 145, in loads
    return serializer().loads(data)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/serializers.py", line 17, in loads
    return pickle.loads(data)
_pickle.UnpicklingError: invalid load key, '{'.
Of course replace " File "<path>/views.py", line 266, in <your View>" with your view.
I tried different views and got the same result each time.
It seems we cannot properly access the session for managing the user.
I found no workaround but to use a different serializer or session engine.
Change History (4)
comment:1 by , 10 years ago
Description: | modified (diff) |
---|
comment:2 by , 10 years ago
Cc: | added |
---|
comment:3 by , 10 years ago
Component: | Uncategorized → contrib.sessions |
---|---|
Has patch: | set |
Owner: | changed from | to
Status: | new → assigned |
Summary: | signed_cookies and PickleSerializer seems incompatible. → signed_cookies backend crashes when switching from JSONSerializer to PickleSerializer |
Triage Stage: | Unreviewed → Accepted |
Type: | Uncategorized → Cleanup/optimization |
I think you had an existing session created with the JSONSerializer and are trying to load it with PickleSerializer. We can modify the signed cookies backend to silently create a new session in this case. This is similar to the behavior of other backends. PR
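
The failure mode diagnosed in comment:3 and the proposed reset-on-failure behaviour, as an added stand-alone sketch (not Django's code and not the linked PR). The HMAC cookie format, `SECRET`, `load_strict` and `load_tolerant` are hypothetical stand-ins, and the narrow `except` in `load_strict` is an assumption about the pre-fix loader.

```python
import base64, hashlib, hmac, json, pickle

SECRET = b"constructed-demo-key"  # constructed value; stands in for SECRET_KEY

class BadSignature(Exception):
    pass

def sign(payload: bytes) -> str:
    body = base64.urlsafe_b64encode(payload).decode()
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}:{mac}"

def unsign(cookie: str) -> bytes:
    body, _, mac = cookie.rpartition(":")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise BadSignature("signature mismatch")
    return base64.urlsafe_b64decode(body)

def load_strict(cookie: str) -> dict:
    # Assumed pre-fix shape: only signature/format errors reset the session,
    # so an error raised by the deserializer escapes to the caller.
    try:
        return pickle.loads(unsign(cookie))
    except (BadSignature, ValueError):
        return {}

def load_tolerant(cookie: str) -> dict:
    # Behaviour proposed in the ticket: any load failure yields a new session.
    # The payload is still deserialized only after the MAC has verified.
    try:
        return pickle.loads(unsign(cookie))
    except Exception:
        return {}

def demo() -> dict:
    # Constructed cookie: validly signed, but written while JSON was in use.
    legacy = sign(json.dumps({"_auth_user_id": "1"}).encode())
    try:
        strict = load_strict(legacy)
    except pickle.UnpicklingError as exc:
        strict = f"UnpicklingError: {exc}"
    return {"strict": strict, "tolerant": load_tolerant(legacy)}

if __name__ == "__main__":
    print(demo())
```

With the tolerant loader, every cookie written under the previous serializer loads as an empty session, so switching serializers signs existing users out once.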