Stop using PickleSerializer for sessions

The default has been JSONSerializer since after Django 1.6. The oldest docs I could find was for 1.8: https://docs.djangoproject.com/en/1.8/topics/http/sessions/#session-serialization PickleSerializer has been deprecated since Django 4.1 and was removed in Django 5.0.
hmpf · Mar 4, 2024 · 780e2c7 · 780e2c7
1 parent 45c2149
commit 780e2c7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/python/nav/django/settings.py b/python/nav/django/settings.py
@@ -135,7 +135,7 @@
     'django.contrib.messages.middleware.MessageMiddleware',
 )
 
-SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
+SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer'
 SESSION_ENGINE = 'django.contrib.sessions.backends.db'
 SESSION_COOKIE_AGE = int(_webfront_config.get('sessions', {}).get('timeout', 3600))
 SESSION_COOKIE_NAME = 'nav_sessionid'