@@ -29,46 +29,9 @@ format changed from pickle to a specialized JSON format. This change has
2929been done in order to avoid the damage an attacker can do if the secret
3030key is leaked. When you upgrade you will notice two major changes: all
3131sessions that were issued before the upgrade are invalidated and you can
32- only store a limited amount of types in the session. There are two ways
33- to avoid these problems on upgrading:
34-
35- Automatically Upgrade Sessions
36- ``````````````````````````````
37-
38- The first method is to allow pickle based sessions for a limited amount of
39- time. This can be done by using the
40- :class: `~flask.sessions.UpgradeSecureCookieSession ` session
41- implementation::
42-
43- from flask import Flask
44- from flask.sessions import UpgradeSecureCookieSessionInterface
45-
46- app = Flask(__name__)
47- app.session_interface = UpgradeSecureCookieSessionInterface
48-
49- For as long as this class is being used both pickle and json sessions are
50- supported but changes are written in JSON format only.
51-
52- Revert to Pickle Sessions
53- `````````````````````````
54-
55- You can also revert to pickle based sessions if you want::
56-
57- import pickle
58- from flask import Flask
59- from flask.sessions import SecureCookieSession, \
60- SecureCookieSessionInterface
61-
62- class PickleSessionInterface(SecureCookieSessionInterface):
63- class session_class(SecureCookieSession):
64- serialization_method = pickle
65-
66- app = Flask(__name__)
67- app.session_interface = PickleSessionInterface
68-
69- If you want to continue to use pickle based data we strongly recommend
70- switching to a server side session store however.
32+ only store a limited amount of types in the session.
7133
34+ TODO: add external module for session upgrading
7235
7336Version 0.9
7437-----------
0 commit comments