From 2234aa7f406be49b0e3142642bb338eb3f91ebba Mon Sep 17 00:00:00 2001 From: Hanne Moa Date: Fri, 8 Mar 2024 11:12:01 +0100 Subject: [PATCH] Add meaty docstring to the serializer --- python/nav/web/session_serializer.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/python/nav/web/session_serializer.py b/python/nav/web/session_serializer.py index 98fefec8b9..987a4a53a7 100644 --- a/python/nav/web/session_serializer.py +++ b/python/nav/web/session_serializer.py @@ -6,8 +6,22 @@ class PickleSerializer: """ - Simple wrapper around pickle to be used in signing.dumps()/loads() and - cache backends. + Simple wrapper around pickle to be used for serializing data to be put in + cookies. + + This was vendored from the version found in Django 4.2. JSONSerializer has + been the default in Django since 1.6, deprecated since 4.1 and purged from + the codebase since 5.0. What Django did not provide is a migration path: + a test showed that any access of a cookie after the serializer had been + changed lead to a rather useless exception. + + PickleSerializer was removed due to it being danegerous in the + signed_cookie session backend. NAV doesn't use that see we can keep the old + serializer. + + Changes from the original: A deprecation warning has been removed and + a check that it is not used with the signed_cookie session backend has been + added. """ def __init__(self, protocol=None):