#20922: Allow customizing the serializer used by contrib.sessions
----------------------------------+------------------------------------
Reporter: gwahl@… | Owner: timo
Type: New feature | Status: assigned
Component: contrib.sessions | Version: 1.5
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+------------------------------------
Changes (by timo):
* owner: nobody => timo
* status: new => assigned
Old description:
> The `django.contrib.sessions.backends.signed_cookies` session backend
> should be written in a way that allows subclasses to use their own
> serializer implementation. This will allow using JSON instead of Pickle
> to serialize sessions.
>
> For background, see #20444 and https://groups.google.com/d/topic/django-
> developers/YwlZ9m9k1bE/discussion.
>
> Patch to come shortly.
New description:
The `django.contrib.sessions.backends.signed_cookies` session backend
should be written in a way that allows subclasses to use their own
serializer implementation. This will allow using JSON instead of Pickle to
serialize sessions.
For background, see #20444 and https://groups.google.com/d/topic/django-
developers/YwlZ9m9k1bE/discussion.
--
Comment:
The plan is to introduce `settings.SESSION_SERIAZLIER` in the next 1.5.x
release. It'll default to using pickle for backwards compatibility, but
the default will switch to using JSON in 1.6.
[https://github.com/django/django/pull/1488 Pull request] in progress.
An additional API has been proposed by @apollo13 to allow customizing the
serializiers a bit easier (rather than dealing with subclassing the
current serializers, having to possibly write mixins, etc.). For example,
in the existing patch `JSONMessagesSerializer` could be replaced by a
hook:
{{{
class SerializerHook(object):
handles_variables = ['variable1', ...]
def to_primitive(self, name, object):
pass
def from_primitive(self, name, object):
pass
}}}
Then in `settings.py` you'd have another setting:
`SESSION_SERIALIZER_HOOKS = ['django.contrib.messages.session_hook',
...]`
This would allow 3rd party applications to provide simple hooks for
their session stuff (although that should be rare since you generally
don't put that much logic into sessions, messages are one example of where
you still might wanna do it).
Feedback on whether or not this additional complexity is worthwhile would
be appreciated.
--
Ticket URL: <https://code.djangoproject.com/ticket/20922#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/077.4ede4ff65a24c598aa8128012dfbdf61%40djangoproject.com.
For more options, visit https://groups.google.com/groups/opt_out.
