Opened 13 years ago
Closed 9 years ago
#17792 closed Bug (wontfix)
pickled object's __setstate__() ignores exceptions
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | contrib.sessions | Version: | 1.3 |
| Severity: | Normal | Keywords: | session pickle |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
I find it odd that any exceptions (TypeError too) raised in a pickled object's __setstate__() are ignored.
Change History (7)
comment:1 by , 13 years ago
| Description: | modified (diff) |
|---|---|
| Resolution: | → invalid |
| Status: | new → closed |
comment:2 by , 13 years ago
| Resolution: | invalid |
|---|---|
| Status: | closed → reopened |
hi,
pickle, setstate, and TypeError are python concepts, however, i have an app where *any* exception thrown in a pickled object's setstate() for use in request.session are silently caught/ignored by django. this should not be difficult to reproduce. i verified that this does not happen in "pure python"; uncaught exceptions raised in a pickled object's setstate() were being thrown as expected.
comment:3 by , 13 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
Now we are talking. Tickets opened with a description of 109 characters (less than a Tweet) aren't useful at all for anyone.
comment:4 by , 12 years ago
| Type: | Uncategorized → Bug |
|---|
comment:5 by , 12 years ago
| Status: | reopened → new |
|---|
comment:6 by , 11 years ago
| Component: | Uncategorized → contrib.sessions |
|---|
It's not clear to me how we would fix this. How or why would a pickled object's __setstate__ throw an exception? In django.contrib.sessions.backends.base.SessionBase.decode there's a try/except which catches all exceptions with the following comment: "ValueError, SuspiciousOperation, deserialization exceptions. If any of these happen, just return an empty dictionary (an empty session)."
comment:7 by , 9 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Now that Django session serializer defaults to JSON (https://docs.djangoproject.com/en/dev/topics/http/sessions/#session-serialization), I'm not sure we'll fix this. If anyone can come up with some code to fix this issue, feel free to reopen.
I fail to see how this is a bug in Django.
pickle,__setstate__andTypeErrorare pure Python concepts.Please provide more information if you were actually describing a bug in Django.