Allow customizing the serializer used by contrib.sessions

[gwahl@…]

The django.contrib.sessions.backends.signed_cookies session backend should be written in a way that allows subclasses to use their own serializer implementation. This will allow using JSON instead of Pickle to serialize sessions.

For background, see #20444 and ​https://groups.google.com/d/topic/django-developers/YwlZ9m9k1bE/discussion.

[gwahl@…]

Pull request: ​https://github.com/django/django/pull/1474

Question: Should this be mentioned in the docs for this backend? An example of a backend using JSON could be helpful.

[Tim Graham]

Yes, I actually have a more extensive patch in the works.

[Tim Graham]

The plan is to introduce settings.SESSION_SERIAZLIER in the next 1.5.x release. It'll default to using pickle for backwards compatibility, but the default will switch to using JSON in 1.6. ​Pull request in progress.

An additional API has been proposed by @apollo13 to allow customizing the serializiers a bit easier (rather than dealing with subclassing the current serializers, having to possibly write mixins, etc.). For example, in the existing patch JSONMessagesSerializer could be replaced by a hook:

class SerializerHook(object):
  handles_variables = ['variable1', ...]

  def to_primitive(self, name, object):
      pass

 def from_primitive(self, name, object):
     pass

Then in settings.py you'd have another setting:

SESSION_SERIALIZER_HOOKS = ['django.contrib.messages.session_hook', ...]

This would allow 3rd party applications to provide simple hooks for their session stuff (although that should be rare since you generally don't put that much logic into sessions, messages are one example of where you still might wanna do it).

Feedback on whether or not this additional complexity is worthwhile would be appreciated.