Opened 10 years ago

Last modified 10 years ago

#24468 closed Cleanup/optimization

signed_cookies and PickleSerializer seems incompatible. — at Version 1

Reported by: Drife59 Owned by: nobody
Component: contrib.sessions Version: 1.7
Severity: Normal Keywords: PickleSerializer signed_cookies
Cc: Drife59 Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Drife59)

If you do the setup as following (I know it is not recommended for security reason):

SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'

It basically breaks render of template.

Here is the full stacktrace:

  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 170, in _get_session
    return self._session_cache
AttributeError: 'SessionStore' object has no attribute '_session_cache'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 111, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "<path>/views.py", line 266, in <your View>
    if request.user.is_authenticated():
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 224, in inner
    self._setup()
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 357, in _setup
    self._wrapped = self._setupfunc()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 22, in <lambda>
    request.user = SimpleLazyObject(lambda: get_user(request))
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 10, in get_user
    request._cached_user = auth.get_user(request)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/__init__.py", line 152, in get_user
    user_id = request.session[SESSION_KEY]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 49, in __getitem__
    return self._session[key]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 175, in _get_session
    self._session_cache = self.load()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/signed_cookies.py", line 20, in load
    salt='django.contrib.sessions.backends.signed_cookies')
  File "/usr/local/lib/python3.4/dist-packages/django/core/signing.py", line 145, in loads
    return serializer().loads(data)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/serializers.py", line 17, in loads
    return pickle.loads(data)
_pickle.UnpicklingError: invalid load key, '{'.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 170, in _get_session
    return self._session_cache
AttributeError: 'SessionStore' object has no attribute '_session_cache'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.4/wsgiref/handlers.py", line 137, in run
    self.result = application(self.environ, self.start_response)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/staticfiles/handlers.py", line 64, in __call__
    return self.application(environ, start_response)
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/wsgi.py", line 187, in __call__
    response = self.get_response(request)
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 199, in get_response
    response = self.handle_uncaught_exception(request, resolver, sys.exc_info())
  File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 236, in handle_uncaught_exception
    return debug.technical_500_response(request, *exc_info)
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 91, in technical_500_response
    html = reporter.get_traceback_html()
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 349, in get_traceback_html
    c = Context(self.get_traceback_data(), use_l10n=False)
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 307, in get_traceback_data
    frames = self.get_traceback_frames()
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 465, in get_traceback_frames
    'vars': self.filter.get_traceback_frame_variables(self.request, tb.tb_frame),
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 232, in get_traceback_frame_variables
    cleansed[name] = self.cleanse_special_types(request, value)
  File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 187, in cleanse_special_types
    if isinstance(value, HttpRequest):
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 224, in inner
    self._setup()
  File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 357, in _setup
    self._wrapped = self._setupfunc()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 22, in <lambda>
    request.user = SimpleLazyObject(lambda: get_user(request))
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 10, in get_user
    request._cached_user = auth.get_user(request)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/__init__.py", line 152, in get_user
    user_id = request.session[SESSION_KEY]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 49, in __getitem__
    return self._session[key]
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 175, in _get_session
    self._session_cache = self.load()
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/signed_cookies.py", line 20, in load
    salt='django.contrib.sessions.backends.signed_cookies')
  File "/usr/local/lib/python3.4/dist-packages/django/core/signing.py", line 145, in loads
    return serializer().loads(data)
  File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/serializers.py", line 17, in loads
    return pickle.loads(data)
_pickle.UnpicklingError: invalid load key, '{'.

Of course replace " File "<path>/views.py", line 266, in <your View>" with your view.
I tried different views and same result each time.

Seems we cannot properly access to the session, for managing user.

I found no workaround but to use a different serializer or session engine.

Change History (1)

comment:1 by Drife59, 10 years ago

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top