Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#26831 closed Cleanup/optimization (fixed)

Session serialisers should document limitations on values

Reported by: Sasha Romijn Owned by: Md. Sadaf Noor
Component: Documentation Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

The JSON session serialiser in Django (the default) does not allow non-UTF8 bytes to be stored in session values. This fact is not documented, although it may not be entirely surprising as Django expects utf-8 everywhere. However, for clarity it may still be better to mention this, probably under https://docs.djangoproject.com/en/dev/topics/http/sessions/#session-serialization

Here's a specific example of what you can't do, because '\xd9' is not valid unicode:

>>> from django.contrib.sessions.backends.db import SessionStore
>>> s = SessionStore()
>>> s['foo'] = '\xd9'
>>> s.save()
......
UnicodeDecodeError: 'utf8' codec can't decode byte 0xd9 in position 0: unexpected end of data

I'm considering this a documentation bug, as according to my research there is no way to encode this non-utf8 data into JSON.

Change History (6)

comment:1 by Claude Paroz, 8 years ago

Triage Stage: UnreviewedAccepted

A workaround could be to base64 encode, then decode at read, but still, arbitrary raw bytes aren't JSON transmittable as is (AFAIK).

comment:2 by Md. Sadaf Noor, 8 years ago

Owner: changed from nobody to Md. Sadaf Noor
Status: newassigned

comment:3 by Tim Graham, 8 years ago

Has patch: set
Needs documentation: unset

comment:4 by Tim Graham <timograham@…>, 8 years ago

Resolution: fixed
Status: assignedclosed

In 1f82b85:

Fixed #26831 -- Documented session data must be JSON encodable for JSONSerializer.

comment:5 by Tim Graham <timograham@…>, 8 years ago

In e6db7271:

[1.9.x] Fixed #26831 -- Documented session data must be JSON encodable for JSONSerializer.

Backport of 1f82b857ceb75f2d7a68e79c6a00c30bfe7f1318 from master

comment:6 by Tim Graham <timograham@…>, 8 years ago

In 5d8332aa:

[1.10.x] Fixed #26831 -- Documented session data must be JSON encodable for JSONSerializer.

Backport of 1f82b857ceb75f2d7a68e79c6a00c30bfe7f1318 from master

Note: See TracTickets for help on using tickets.
Back to Top