From 261c4a6aee88361e0de5d86061d873bbad2cb3a9 Mon Sep 17 00:00:00 2001 From: Armin Ronacher Date: Sun, 7 Oct 2012 12:40:59 +0200 Subject: [PATCH] Updated documentation for the new sessions --- docs/upgrading.rst | 9 +++++++-- flask/sessions.py | 5 ++--- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/docs/upgrading.rst b/docs/upgrading.rst index c295fb1c..34f54f42 100644 --- a/docs/upgrading.rst +++ b/docs/upgrading.rst @@ -29,9 +29,14 @@ format changed from pickle to a specialized JSON format. This change has been done in order to avoid the damage an attacker can do if the secret key is leaked. When you upgrade you will notice two major changes: all sessions that were issued before the upgrade are invalidated and you can -only store a limited amount of types in the session. +only store a limited amount of types in the session. The new sessions are +by design much more restricted to only allow JSON with a few small +extensions for tuples and strings with HTML markup. -TODO: add external module for session upgrading +In order to not break people's sessions it is possible to continue using +the old session system by using the `Flask-OldSessions_` extension. + +.. _Flask-OldSessions: http://packages.python.org/Flask-OldSessions/ Version 0.9 ----------- diff --git a/flask/sessions.py b/flask/sessions.py index ba0b0ed7..4790f73a 100644 --- a/flask/sessions.py +++ b/flask/sessions.py @@ -3,10 +3,9 @@ flask.sessions ~~~~~~~~~~~~~~ - Implements cookie based sessions based on Werkzeug's secure cookie - system. + Implements cookie based sessions based on itsdangerous. - :copyright: (c) 2011 by Armin Ronacher. + :copyright: (c) 2012 by Armin Ronacher. :license: BSD, see LICENSE for more details. """
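Review bot: in the docs/upgrading.rst hunk, the reference `Flask-OldSessions_` has its trailing underscore inside the backticks, so reStructuredText reads it as interpreted text rather than a hyperlink reference, and the `.. _Flask-OldSessions:` target added just below it is never linked. Write it as `Flask-OldSessions`_ instead. The new paragraph should also state that staying on the old session system keeps the pickle format, and with it the damage on secret key leak that the unchanged context lines give as the reason for the change, so readers who opt in know what they are retaining.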
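Review bot: in the flask/sessions.py hunk, the module docstring now names itsdangerous but drops any description of what the cookie provides and does not mention the format change that docs/upgrading.rst describes. Suggest extending the line to say that the session cookie is signed with itsdangerous and serialized as JSON rather than pickle, so the docstring and the upgrade notes agree. Minor style point on the same hunk: the copyright line replaces 2011 with 2012 rather than extending it to a range.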