Session unpickler is not fault tolerant
| Reported by: | django@… | Owned by: | adrian |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
Sessions store Python objects via pickle. Currently unpickling errors are not handled.
For example, if a client visits a site and a class instance is pickled into their session, and they later return to the site after the definition of that class has been removed or changed, an ImportError may be thrown. Unpickling can potentially cause a whole range of exceptions, including UnpicklingError, AttributeError, EOFError, ImportError, and IndexError.
Probably it would be reasonable to use a broad try/except block and generate a new session if the session cannot be unpickled.
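A sketch of the fault-tolerant decode proposed above, added here as an illustration and not taken from Django's code. The names `decode_session`, `encode_session`, `sign_stored` and `SECRET` are hypothetical, the stored values are constructed, and the HMAC check before unpickling is an added assumption that goes beyond the ticket.

```python
import base64
import hashlib
import hmac
import logging
import pickle

log = logging.getLogger("session")
SECRET = b"constructed-demo-key"  # assumption: stand-in for a server-side secret


def sign_stored(payload):
    """Prefix raw pickle bytes with an HMAC-SHA256 tag and base64 the result."""
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.b64encode(tag + payload).decode("ascii")


def encode_session(data):
    return sign_stored(pickle.dumps(data))


def decode_session(encoded):
    """Return (session, error_name); any decoding failure yields a new session."""
    try:
        raw = base64.b64decode(encoded, validate=True)
        tag, payload = raw[:32], raw[32:]
        expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
        # Check the tag first so only bytes this server wrote reach pickle.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("session integrity check failed")
        data = pickle.loads(payload)
        if not isinstance(data, dict):
            raise TypeError("session payload is not a dict")
        return data, None
    except Exception as exc:  # broad on purpose, as the ticket proposes
        log.warning("discarding unreadable session: %s", type(exc).__name__)
        return {}, type(exc).__name__


# Constructed stored values, one per failure mode named in the ticket.
GOOD = encode_session({"cart": [1, 2]})
REMOVED_MODULE = sign_stored(b"cremoved_app.models\nCart\n.")   # module gone
REMOVED_CLASS = sign_stored(b"ccollections\nNoSuchClass\n.")    # class gone
TRUNCATED = sign_stored(pickle.dumps({"cart": [1, 2]})[:-4])    # cut short
EMPTY = sign_stored(b"")                                        # no data

if __name__ == "__main__":
    for name in ("GOOD", "REMOVED_MODULE", "REMOVED_CLASS", "TRUNCATED", "EMPTY"):
        print(name, decode_session(globals()[name]))
```

Logging the exception type keeps a trace of why a session was discarded, so a deploy that removes a pickled class shows up in the logs as a burst of resets instead of passing silently.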