authorMichael Merickel <michael@merickel.org>2018-11-03 13:54:51 -0500
committerMichael Merickel <michael@merickel.org>2018-11-03 14:22:07 -0500
commit870eb3bcc9e9cc39a84f8268fee5b59ed4692bf4 (patch)
tree227108d91f88b71d0c6491b016f52f062b6588b6 /src
parent133db09d179c3f5afe7e02dc13ab6687517db5a1 (diff)
change to use JSONSerializer for SignedCookieSessionFactory
Diffstat (limited to 'src')
-rw-r--r--src/pyramid/interfaces.py24
-rw-r--r--src/pyramid/session.py27
2 files changed, 25 insertions, 26 deletions
diff --git a/src/pyramid/interfaces.py b/src/pyramid/interfaces.py
index 37cbc11ab..31bcd7e88 100644
--- a/src/pyramid/interfaces.py
+++ b/src/pyramid/interfaces.py
@@ -1084,21 +1084,27 @@ class ISession(IDict):
""" An interface representing a session (a web session object,
usually accessed via ``request.session``.
- Keys and values of a session must be pickleable.
+ Keys and values of a session must be JSON-serializable.
.. warning::
- In :app:`Pyramid` 2.0 the session will only be required to support
- types that can be serialized using JSON. It's recommended to switch any
- session implementations to support only JSON and to only store primitive
- types in sessions. See :ref:`pickle_session_deprecation` for more
- information about why this change is being made.
+ In :app:`Pyramid` 2.0 the session was changed to only be required to
+ support types that can be serialized using JSON. It's recommended to
+ switch any session implementations to support only JSON and to only
+ store primitive types in sessions. See
+ :ref:`pickle_session_deprecation` for more information about why this
+ change was made.
.. versionchanged:: 1.9
- Sessions are no longer required to implement ``get_csrf_token`` and
- ``new_csrf_token``. CSRF token support was moved to the pluggable
- :class:`pyramid.interfaces.ICSRFStoragePolicy` configuration hook.
+ Sessions are no longer required to implement ``get_csrf_token`` and
+ ``new_csrf_token``. CSRF token support was moved to the pluggable
+ :class:`pyramid.interfaces.ICSRFStoragePolicy` configuration hook.
+
+ .. versionchanged:: 2.0
+
+ Sessions now need to be JSON-serializable. This is more strict than
+ the previous requirement of pickleable objects.
"""
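Review bot: The new sentence "Keys and values of a session must be JSON-serializable" in the ISession docstring understates the constraint on keys. JSON object keys are always strings, so with a JSON-backed implementation a non-string key such as an int would presumably come back as a `str` after a round trip, and tuple values come back as lists. Consider `Keys must be strings and values must be JSON-serializable.`, or add one sentence on round-trip type changes so callers do not rely on types that silently change. The retained `.. warning::` block now restates the added `.. versionchanged:: 2.0` entry and could be folded into it. The class body continues outside the hunk.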
diff --git a/src/pyramid/session.py b/src/pyramid/session.py
index d26344aea..68e0c506c 100644
--- a/src/pyramid/session.py
+++ b/src/pyramid/session.py
@@ -1,7 +1,6 @@
import binascii
import os
import time
-import warnings
from zope.deprecation import deprecated
from zope.interface import implementer
@@ -350,8 +349,6 @@ def SignedCookieSessionFactory(
serializer=None,
):
"""
- .. versionadded:: 1.5
-
Configure a :term:`session factory` which will provide signed
cookie-based sessions. The return value of this
function is a :term:`session factory`, which may be provided as
@@ -441,33 +438,29 @@ def SignedCookieSessionFactory(
method should accept bytes and return a Python object. The ``dumps``
method should accept a Python object and return bytes. A ``ValueError``
should be raised for malformed inputs. If a serializer is not passed,
- the :class:`pyramid.session.PickleSerializer` serializer will be used.
+ the :class:`pyramid.session.JSONSerializer` serializer will be used.
.. warning::
- In :app:`Pyramid` 2.0 the default ``serializer`` option will change to
+ In :app:`Pyramid` 2.0 the default ``serializer`` option changed to
use :class:`pyramid.session.JSONSerializer`. See
:ref:`pickle_session_deprecation` for more information about why this
- change is being made.
+ change was made.
.. versionadded: 1.5a3
.. versionchanged: 1.10
- Added the ``samesite`` option and made the default ``Lax``.
+ Added the ``samesite`` option and made the default ``Lax``.
+
+ .. versionchanged: 2.0
+
+ Changed the default ``serializer`` to be an instance of
+ :class:`pyramid.session.JSONSerializer`.
"""
if serializer is None:
- serializer = PickleSerializer()
- warnings.warn(
- 'The default pickle serializer is deprecated as of Pyramid 1.9 '
- 'and it will be changed to use pyramid.session.JSONSerializer in '
- 'version 2.0. Explicitly set the serializer to avoid future '
- 'incompatibilities. See "Upcoming Changes to ISession in '
- 'Pyramid 2.0" for more information about this change.',
- DeprecationWarning,
- stacklevel=1,
- )
+ serializer = JSONSerializer()
signed_serializer = SignedSerializer(
secret, salt, hashalg, serializer=serializer
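Review bot: The added `.. versionchanged: 2.0` line in the SignedCookieSessionFactory docstring has a single colon, so reST treats it as a comment and the note about the new default serializer will not render. It should read `.. versionchanged:: 2.0`; the neighbouring context lines `.. versionadded: 1.5a3` and `.. versionchanged: 1.10` have the same problem. Separately, cookies issued under the old pickle default will now be handed to `JSONSerializer.loads`. Whether that fails closed with the `ValueError` the docstring asks for is not visible in this hunk, so a test that feeds a pickled payload to the default factory and expects a fresh session would be worth adding. The function body continues outside the hunk.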