You can clone with
HTTPS or Subversion.
After becoming aware that Flask, by default, pickles its session object, and thus is vulnerable to remote execution if someone discovers your secret key ( see http://stacksmashing.net/2012/08/10/dear-flask-please-fix-your-secure-cookies/ ), I tried to switch to using itsdangerous for session management as detailed at http://flask.pocoo.org/snippets/51/ .
Unfortunately, this fails, because _create_identifier returns the raw MD5 digest in bytes, which can't be represented as a Unicode string, and thus serialized to JSON. I can work around this with a custom serializer, but it would be nice if there were at least an option to base64 encode this value or something.
This definitely needs to be fixed. Thanks for pointing this out.
Would changing line 136 with this help?
Or is it more than just this?
@sederek yes thats all
Could we have an fix and a new release? This problem is a bit of a bummer if you want to use itsdangerous sessions.
Gist with the fix here: git://gist.github.com/3731115.git
_create_identifier now returns a JSON serializeable value, fixes #31
I also ran into this issue. My production environment only allows me to use the PyPi version, so I had to monkey patch _create_identifier in my "itsdangerous" session implementation (creepy, but works fine).