Sessions seem to be improperly using Pickle to hash a dictionary
|Reported by:||PaulM||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Session dicts are stored as a pickle, and the integrity of that pickle is verified by a hash:
This seems to be an improper use of pickle, since the order of dictionaries is not guaranteed. Tim Peters says:
The internals of pickle strings aren't guaranteed, just that "they work" when unpickled again, and these do. If you want a hash code for a dict, don't dare use pickle for this either, even if it appears "to work": it doesn't. The order in which dict keys are enumerated isn't defined either, and can and does vary across releases, and even across program runs.
Pickling as a SortedDict would resolve the most direct issue, but would not prevent users from using nested dicts improperly.
Change History (4)
comment:1 Changed 5 years ago by lukeplant
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Resolution set to invalid
- Status changed from new to closed