Opened 10 years ago
Last modified 10 years ago
#24468 closed Cleanup/optimization
signed_cookies and PickleSerializer seems incompatible. — at Version 1
Reported by: | Drife59 | Owned by: | nobody |
---|---|---|---|
Component: | contrib.sessions | Version: | 1.7 |
Severity: | Normal | Keywords: | PickleSerializer signed_cookies |
Cc: | Drife59 | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
If you do the setup as following (I know it is not recommended for security reason):
SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
It basically breaks render of template.
Here is the full stacktrace:
File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 170, in _get_session return self._session_cache AttributeError: 'SessionStore' object has no attribute '_session_cache' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 111, in get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "<path>/views.py", line 266, in <your View> if request.user.is_authenticated(): File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 224, in inner self._setup() File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 357, in _setup self._wrapped = self._setupfunc() File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 22, in <lambda> request.user = SimpleLazyObject(lambda: get_user(request)) File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 10, in get_user request._cached_user = auth.get_user(request) File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/__init__.py", line 152, in get_user user_id = request.session[SESSION_KEY] File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 49, in __getitem__ return self._session[key] File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 175, in _get_session self._session_cache = self.load() File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/signed_cookies.py", line 20, in load salt='django.contrib.sessions.backends.signed_cookies') File "/usr/local/lib/python3.4/dist-packages/django/core/signing.py", line 145, in loads return serializer().loads(data) File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/serializers.py", line 17, in loads return pickle.loads(data) _pickle.UnpicklingError: invalid load key, '{'. During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 170, in _get_session return self._session_cache AttributeError: 'SessionStore' object has no attribute '_session_cache' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/lib/python3.4/wsgiref/handlers.py", line 137, in run self.result = application(self.environ, self.start_response) File "/usr/local/lib/python3.4/dist-packages/django/contrib/staticfiles/handlers.py", line 64, in __call__ return self.application(environ, start_response) File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/wsgi.py", line 187, in __call__ response = self.get_response(request) File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 199, in get_response response = self.handle_uncaught_exception(request, resolver, sys.exc_info()) File "/usr/local/lib/python3.4/dist-packages/django/core/handlers/base.py", line 236, in handle_uncaught_exception return debug.technical_500_response(request, *exc_info) File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 91, in technical_500_response html = reporter.get_traceback_html() File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 349, in get_traceback_html c = Context(self.get_traceback_data(), use_l10n=False) File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 307, in get_traceback_data frames = self.get_traceback_frames() File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 465, in get_traceback_frames 'vars': self.filter.get_traceback_frame_variables(self.request, tb.tb_frame), File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 232, in get_traceback_frame_variables cleansed[name] = self.cleanse_special_types(request, value) File "/usr/local/lib/python3.4/dist-packages/django/views/debug.py", line 187, in cleanse_special_types if isinstance(value, HttpRequest): File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 224, in inner self._setup() File "/usr/local/lib/python3.4/dist-packages/django/utils/functional.py", line 357, in _setup self._wrapped = self._setupfunc() File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 22, in <lambda> request.user = SimpleLazyObject(lambda: get_user(request)) File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/middleware.py", line 10, in get_user request._cached_user = auth.get_user(request) File "/usr/local/lib/python3.4/dist-packages/django/contrib/auth/__init__.py", line 152, in get_user user_id = request.session[SESSION_KEY] File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 49, in __getitem__ return self._session[key] File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/base.py", line 175, in _get_session self._session_cache = self.load() File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/backends/signed_cookies.py", line 20, in load salt='django.contrib.sessions.backends.signed_cookies') File "/usr/local/lib/python3.4/dist-packages/django/core/signing.py", line 145, in loads return serializer().loads(data) File "/usr/local/lib/python3.4/dist-packages/django/contrib/sessions/serializers.py", line 17, in loads return pickle.loads(data) _pickle.UnpicklingError: invalid load key, '{'.
Of course replace " File "<path>/views.py", line 266, in <your View>" with your view.
I tried different views and same result each time.
Seems we cannot properly access to the session, for managing user.
I found no workaround but to use a different serializer or session engine.