author: jonathan vanasco <jonathan@2xlp.com> 2019-11-04 17:56:27 -0500
committer: jonathan vanasco <jonathan@2xlp.com> 2019-11-05 16:51:11 -0500
commit: 3bc31c66c41f795abdaa270645f1046f70a86e07 (patch)
tree: e10cbd7003f1ff37302245feb0133bf895f06465
parent: b6604fc39e542a78bc6cb4f009bf972ba4db098f (diff)
fixed rst; migrated some inline references to the docs
-rw-r--r-- docs/narr/sessions.rst 6
-rw-r--r-- src/pyramid/session.py 11
2 files changed, 6 insertions, 11 deletions
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst
index d9befec82..8ae20d63e 100644
--- a/docs/narr/sessions.rst
+++ b/docs/narr/sessions.rst
@@ -85,6 +85,12 @@ This is a stricter contract than the previous requirement that all objects be pi
This is a backward-incompatible change.
Previously, if a client-side session implementation was compromised, it left the application vulnerable to remote code execution attacks using specially-crafted sessions that execute code when deserialized.
+Please reference the following tickets if detailed information on these changes is needed:
+
+* `2.0 feature request: Require that sessions are JSON serializable #2709 <https://github.com/pylons/pyramid/issues/2709>`_.
+* `deprecate pickleable sessions, recommend json #3353 <https://github.com/pylons/pyramid/pull/3353>`_.
+* `change to use JSONSerializer for SignedCookieSessionFactory #3413 <https://github.com/pylons/pyramid/pull/3413>`_.
+
For users with compatibility concerns, it's possible to craft a serializer that can handle both formats until you are satisfied that clients have had time to reasonably upgrade.
Remember that sessions should be short-lived and thus the number of clients affected should be small (no longer than an auth token, at a maximum). An example serializer:
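Review bot: The three added list items each end in "`_." so every bullet carries a trailing period after the link, and the single-underscore form registers a named target under the full link text. These are bare references rather than sentences, so drop the periods, and consider the anonymous form ("`__") so the same link text can be reused elsewhere in the docs without a duplicate-target warning. The URLs also use lowercase "pylons/pyramid", while the two pull-request links removed from src/pyramid/session.py used "Pylons/pyramid"; pick one spelling of the organization name for all three links.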
diff --git a/src/pyramid/session.py b/src/pyramid/session.py
index d317b7c48..ededdaab7 100644
--- a/src/pyramid/session.py
+++ b/src/pyramid/session.py
@@ -57,17 +57,6 @@ class PickleSerializer(object):
Please see :ref:`pickle_session_deprecation`.
- Also, please see these tickets:
-
- * 2.0 feature request: Require that sessions are JSON serializable #2709
- https://github.com/pylons/pyramid/issues/2709
-
- * deprecate pickleable sessions, recommend json #3353
- https://github.com/Pylons/pyramid/pull/3353
-
- * change to use JSONSerializer for SignedCookieSessionFactory #3413
- https://github.com/Pylons/pyramid/pull/3413
-
A serializer that uses the pickle protocol to dump Python data to bytes.
This was the default serializer used by Pyramid, but has been deprecated.
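Review bot: With the ticket list removed, the visible docstring context now reads "Please see :ref:`pickle_session_deprecation`." directly above "A serializer that uses the pickle protocol to dump Python data to bytes.", so the cross-reference comes before the description of what the class is. Move the :ref: sentence below the description and the deprecation sentence so the summary leads. The ticket links now live only in docs/narr/sessions.rst, so also confirm that the pickle_session_deprecation label resolves to the section holding the new list; the sessions.rst hunk does not show the label, and it is the only remaining path from the API docs to those tickets.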