Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Removed outdated section in the docs
  • Loading branch information
mitsuhiko committed Aug 11, 2012
1 parent c3d38a2 commit a4977cf
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 43 deletions.
4 changes: 0 additions & 4 deletions docs/api.rst
Expand Up @@ -215,13 +215,9 @@ implementation that Flask is using.
.. autoclass:: SecureCookieSessionInterface
:members:

.. autoclass:: UpgradeSecureCookieSessionInterface

.. autoclass:: SecureCookieSession
:members:

.. autoclass:: UpgradeSecureCookieSession

.. autoclass:: NullSession
:members:

Expand Down
41 changes: 2 additions & 39 deletions docs/upgrading.rst
Expand Up @@ -29,46 +29,9 @@ format changed from pickle to a specialized JSON format. This change has
been done in order to avoid the damage an attacker can do if the secret
key is leaked. When you upgrade you will notice two major changes: all
sessions that were issued before the upgrade are invalidated and you can
only store a limited amount of types in the session. There are two ways
to avoid these problems on upgrading:

Automatically Upgrade Sessions
``````````````````````````````

The first method is to allow pickle based sessions for a limited amount of
time. This can be done by using the
:class:`~flask.sessions.UpgradeSecureCookieSession` session
implementation::

from flask import Flask
from flask.sessions import UpgradeSecureCookieSessionInterface

app = Flask(__name__)
app.session_interface = UpgradeSecureCookieSessionInterface

For as long as this class is being used both pickle and json sessions are
supported but changes are written in JSON format only.

Revert to Pickle Sessions
`````````````````````````

You can also revert to pickle based sessions if you want::

import pickle
from flask import Flask
from flask.sessions import SecureCookieSession, \
SecureCookieSessionInterface

class PickleSessionInterface(SecureCookieSessionInterface):
class session_class(SecureCookieSession):
serialization_method = pickle

app = Flask(__name__)
app.session_interface = PickleSessionInterface

If you want to continue to use pickle based data we strongly recommend
switching to a server side session store however.
only store a limited amount of types in the session.

TODO: add external module for session upgrading

Version 0.9
-----------
Expand Down

0 comments on commit a4977cf

Please sign in to comment.