#741 closed defect (fixed)
Session unpickler is not fault tolerant
| Reported by: | Owned by: | Adrian Holovaty | |
|---|---|---|---|
| Component: | Core (Other) | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Sessions store Python objects via pickle. Currently unpickling errors are not handled.
For example, if a client visits a site and a class instance is pickled into their session and then they later return to the site after the definition of that class has been removed or changed an ImportError may be thrown. Unpickling can potentially cause a whole range of Exceptions including UnpicklingError, AttributeError, EOFError, ImportError, and IndexError.
Probably it would be reasonable to use a broad try/except block and generate a new session if the session cannot be unpickled.
Note:
See TracTickets
for help on using tickets.
(In [1099]) Fixed #741 -- Made models.core.Session.get_decoded() fault-tolerant, in case of funky pickled data. Thanks, kieranholland