From 780e2c74cbf8633e8d00b07da7a24d960d97d658 Mon Sep 17 00:00:00 2001 From: Hanne Moa Date: Fri, 1 Mar 2024 11:04:16 +0100 Subject: [PATCH] Stop using PickleSerializer for sessions The default has been JSONSerializer since after Django 1.6. The oldest docs I could find was for 1.8: https://docs.djangoproject.com/en/1.8/topics/http/sessions/#session-serialization PickleSerializer has been deprecated since Django 4.1 and was removed in Django 5.0. --- python/nav/django/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/nav/django/settings.py b/python/nav/django/settings.py index d9aacb4ef5..a4a6e2a2f3 100644 --- a/python/nav/django/settings.py +++ b/python/nav/django/settings.py @@ -135,7 +135,7 @@ 'django.contrib.messages.middleware.MessageMiddleware', ) -SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' +SESSION_SERIALIZER = 'django.contrib.sessions.serializers.JSONSerializer' SESSION_ENGINE = 'django.contrib.sessions.backends.db' SESSION_COOKIE_AGE = int(_webfront_config.get('sessions', {}).get('timeout', 3600)) SESSION_COOKIE_NAME = 'nav_sessionid'