#14652: Sessions seem to be improperly using Pickle to hash a dictionary
-------------------------------------+--------------------------------------
 Reporter:  PaulM                    |       Owner:  nobody
   Status:  new                      |   Milestone:  1.3
Component:  django.contrib.sessions  |     Version:  1.2
 Keywords:                           |       Stage:  Unreviewed
Has_patch:  0                        |
-------------------------------------+--------------------------------------

Session dicts are stored as a pickle, and the integrity of that pickle is verified by a hash:
http://code.djangoproject.com/browser/django/trunk/django/contrib/sessions/backends/base.py#L91

This seems to be an improper use of pickle, since the order of dictionaries is not guaranteed. [http://bugs.python.org/issue640645#msg13401 Tim Peters says]:
{{{
The internals of pickle strings aren't guaranteed, just that "they work"
when unpickled again, and these do. If you want a hash code for a dict,
don't dare use pickle for this either, even if it appears "to work": it
doesn't. The order in which dict keys are enumerated isn't defined either,
and can and does vary across releases, and even across program runs.
}}}

Pickling as a `SortedDict` would resolve the most direct issue, but would not prevent users from using nested `dicts` improperly.

--
Ticket URL: <http://code.djangoproject.com/ticket/14652>
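The following is an added example, not part of the ticket and not Django's code: it shows two equal session dicts pickling to different bytes, so a digest obtained by re-pickling is not stable, next to a MAC that is computed over and checked against the exact serialized bytes. The names `SECRET`, `sign`, `verify`, `digest_of_repickle`, `SESSION_A` and `SESSION_B` are hypothetical, the data is constructed, and it assumes a current Python 3 where dict iteration follows insertion order.

```python
import hashlib
import hmac
import pickle

# Assumption: stands in for a server-side secret key.
SECRET = b"constructed-demo-secret"

# Constructed sample data: equal contents, different insertion order.
SESSION_A = {"user_id": 7, "cart": {"sku1": 2, "sku2": 1}}
SESSION_B = {"cart": {"sku2": 1, "sku1": 2}, "user_id": 7}


def digest_of_repickle(obj):
    """Anti-pattern: treat pickle output as a canonical form and hash it."""
    return hashlib.sha256(pickle.dumps(obj, protocol=2)).hexdigest()


def sign(session):
    """Serialize once, then MAC the exact bytes that will be stored."""
    payload = pickle.dumps(session, protocol=2)
    tag = hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()
    return tag + b":" + payload


def verify(blob):
    """Check the MAC over the received bytes before unpickling them."""
    tag, _, payload = blob.partition(b":")
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("session data failed integrity check")
    # Only reached for bytes this server signed itself.
    return pickle.loads(payload)


if __name__ == "__main__":
    print("equal dicts:", SESSION_A == SESSION_B)
    print("same re-pickle digest:",
          digest_of_repickle(SESSION_A) == digest_of_repickle(SESSION_B))
    print("round trip ok:", verify(sign(SESSION_B)) == SESSION_A)
```

Verifying the tag before calling `pickle.loads` also matters for safety, since unpickling bytes that were not produced by the server can execute arbitrary code.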
