Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Removed outdated section in the docs

  • Loading branch information...
commit a4977cfe2b57218579ca224af7cfea0864e6665b 1 parent c3d38a2
@mitsuhiko authored
Showing with 2 additions and 43 deletions.
  1. +0 −4 docs/api.rst
  2. +2 −39 docs/upgrading.rst
4 docs/api.rst
@@ -215,13 +215,9 @@ implementation that Flask is using.
.. autoclass:: SecureCookieSessionInterface
-.. autoclass:: UpgradeSecureCookieSessionInterface
.. autoclass:: SecureCookieSession
-.. autoclass:: UpgradeSecureCookieSession
.. autoclass:: NullSession
41 docs/upgrading.rst
@@ -29,46 +29,9 @@ format changed from pickle to a specialized JSON format. This change has
been done in order to avoid the damage an attacker can do if the secret
key is leaked. When you upgrade you will notice two major changes: all
sessions that were issued before the upgrade are invalidated and you can
-only store a limited amount of types in the session. There are two ways
-to avoid these problems on upgrading:
-Automatically Upgrade Sessions
-The first method is to allow pickle based sessions for a limited amount of
-time. This can be done by using the
-:class:`~flask.sessions.UpgradeSecureCookieSession` session
- from flask import Flask
- from flask.sessions import UpgradeSecureCookieSessionInterface
- app = Flask(__name__)
- app.session_interface = UpgradeSecureCookieSessionInterface
-For as long as this class is being used both pickle and json sessions are
-supported but changes are written in JSON format only.
-Revert to Pickle Sessions
-You can also revert to pickle based sessions if you want::
- import pickle
- from flask import Flask
- from flask.sessions import SecureCookieSession, \
- SecureCookieSessionInterface
- class PickleSessionInterface(SecureCookieSessionInterface):
- class session_class(SecureCookieSession):
- serialization_method = pickle
- app = Flask(__name__)
- app.session_interface = PickleSessionInterface
-If you want to continue to use pickle based data we strongly recommend
-switching to a server side session store however.
+only store a limited amount of types in the session.
+TODO: add external module for session upgrading
Version 0.9
Please sign in to comment.
Something went wrong with that request. Please try again.