Opened 13 years ago
Closed 9 years ago
#17792 closed Bug (wontfix)
pickled object's __setstate__() ignores exceptions
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | contrib.sessions | Version: | 1.3 |
Severity: | Normal | Keywords: | session pickle |
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
I find it odd that any exceptions (TypeError too) raised in a pickled object's __setstate__()
are ignored.
Change History (7)
comment:1 by , 13 years ago
Description: | modified (diff) |
---|---|
Resolution: | → invalid |
Status: | new → closed |
comment:2 by , 13 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
hi,
pickle, setstate, and TypeError are python concepts, however, i have an app where *any* exception thrown in a pickled object's setstate() for use in request.session are silently caught/ignored by django. this should not be difficult to reproduce. i verified that this does not happen in "pure python"; uncaught exceptions raised in a pickled object's setstate() were being thrown as expected.
comment:3 by , 13 years ago
Triage Stage: | Unreviewed → Accepted |
---|
Now we are talking. Tickets opened with a description of 109 characters (less than a Tweet) aren't useful at all for anyone.
comment:4 by , 12 years ago
Type: | Uncategorized → Bug |
---|
comment:5 by , 12 years ago
Status: | reopened → new |
---|
comment:6 by , 11 years ago
Component: | Uncategorized → contrib.sessions |
---|
It's not clear to me how we would fix this. How or why would a pickled object's __setstate__
throw an exception? In django.contrib.sessions.backends.base.SessionBase.decode
there's a try/except
which catches all exceptions with the following comment: "ValueError, SuspiciousOperation, deserialization exceptions. If any of these happen, just return an empty dictionary (an empty session)."
comment:7 by , 9 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Now that Django session serializer defaults to JSON (https://docs.djangoproject.com/en/dev/topics/http/sessions/#session-serialization), I'm not sure we'll fix this. If anyone can come up with some code to fix this issue, feel free to reopen.
I fail to see how this is a bug in Django.
pickle
,__setstate__
andTypeError
are pure Python concepts.Please provide more information if you were actually describing a bug in Django.