Re: Default session data serializer doesn't support extended data types

2013-09-21 Thread Davide Rizzo
On Friday, September 20, 2013 4:40:39 PM UTC+2, Curtis Maloney wrote: > I talked with the OP [or someone who talks a _lot_ like the OP:)] > Oh, I should meet this animal–pardon, this guy. :) And the answer is: there's no way for a matching Decoder to know when to > decode any of these types, si

Re: Default session data serializer doesn't support extended data types

2013-09-21 Thread Davide Rizzo
On Friday, September 20, 2013 3:59:47 PM UTC+2, Donald Stufft wrote: > > A basic tenet in securing systems is that you make each piece of the > system responsible for its own security and you don't have it depend on > the security of another system. Moving away from pickle as the default > se

Re: Default session data serializer doesn't support extended data types

2013-09-20 Thread Davide Rizzo
On Friday, September 20, 2013 2:55:33 PM UTC+2, Florian Apolloner wrote: > > > Btw could it be that you are mixing up Encoder and Serializer? > No, I say Serializer when I mean... well, a serializer, as specified by SESSION_SERIALIZER. I say Encoder when I mean the Encoder class used by JSONS

Re: Default session data serializer doesn't support extended data types

2013-09-20 Thread Davide Rizzo
't discussed. Would you like me to address > anything specific? > > Tim > > On Thursday, September 19, 2013 10:46:44 AM UTC-4, Davide Rizzo wrote: >> >> #20922 <https://code.djangoproject.com/ticket/20922> introduced the >> option to choose a custom se

Default session data serializer doesn't support extended data types

2013-09-19 Thread Davide Rizzo
#20922 introduced the option to choose a custom session data serializer. The default option is to use the new JSONSerializer starting from 1.6, since using pickle would lead to a remote code execution vulnerability when session data is stored in coo