id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
14652	Sessions seem to be improperly using Pickle to hash a dictionary	Paul McMillan	nobody	"Session dicts are stored as a pickle, and the integrity of that pickle is verified by a hash:

http://code.djangoproject.com/browser/django/trunk/django/contrib/sessions/backends/base.py#L91

This seems to be an improper use of pickle, since the order of dictionaries is not guaranteed. [http://bugs.python.org/issue640645#msg13401 Tim Peters says]:
{{{
The internals of pickle strings aren't 
guaranteed, just that ""they work"" when unpickled again, and 
these do.  If you want a hash code for a dict, don't dare use 
pickle for this either, even if it appears ""to work"":  it doesn't.  
The order in which dict keys are enumerated isn't defined 
either, and can and does vary across releases, and even 
across program runs.
}}}

Pickling as a `SortedDict` would resolve the most direct issue, but would not prevent users from using nested `dicts` improperly."		closed	contrib.sessions	1.2		invalid			Unreviewed	0	0	0	0	0	0