Updated documentation for the new sessions

12 years ago · 261c4a6aee
2 changed files with 9 additions and 5 deletions
--- a/docs/upgrading.rst
+++ b/docs/upgrading.rst
@ -29,9 +29,14 @@ format changed from pickle to a specialized JSON format.  This change has
 been done in order to avoid the damage an attacker can do if the secret
 key is leaked.  When you upgrade you will notice two major changes: all
 sessions that were issued before the upgrade are invalidated and you can
-only store a limited amount of types in the session.
+only store a limited amount of types in the session.  The new sessions are
+by design much more restricted to only allow JSON with a few small
+extensions for tuples and strings with HTML markup.

-TODO: add external module for session upgrading
+In order to not break people's sessions it is possible to continue using
+the old session system by using the `Flask-OldSessions_` extension.
+
+.. _Flask-OldSessions: http://packages.python.org/Flask-OldSessions/

 Version 0.9
 -----------
--- a/flask/sessions.py
+++ b/flask/sessions.py
@ -3,10 +3,9 @@
    flask.sessions
    ~~~~~~~~~~~~~~

-    Implements cookie based sessions based on Werkzeug's secure cookie
-    system.
+    Implements cookie based sessions based on itsdangerous.

-    :copyright: (c) 2011 by Armin Ronacher.
+    :copyright: (c) 2012 by Armin Ronacher.
    :license: BSD, see LICENSE for more details.
 """