Serialize YadisServiceManager instance before writing it to session dict #17

Open
jgehrcke opened this Issue Jul 8, 2011 · 4 comments


jgehrcke commented Jul 8, 2011

Here:

def store(self, session):

the whole YadisServiceManager instance gets written into the session, which is a dict-like object. This basically requires the web framework writing this session data somewhere (e.g. to a cookie) to use pickle as serializer, while sometimes JSON or others might be desired.

In my special case (Flask + OpenID-ext + itsdangerous-ext) this led to: <openid.yadis.manager.YadisServiceManager object at 0x9fa6f2c> is not JSON serializable during the authentication process.

Therefore, it would be nice to have the serialization/deserialization done by python-openid, so that it is possible for python-openid to store a string to the session, which should not break any storage backend. By doing so, one could consider only storing the relevant data, because pickling this whole object for sure brings along some overhead.

Thanks for consideration,

Jan-Philip Gehrcke
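
One way to do what the post above proposes, as an added example that is not python-openid's own code: the manager writes a JSON string of plain fields into the session instead of itself, and validates the shape when loading it back. `ServiceManager`, its attribute names, `session_is_json_safe` and the sample values are hypothetical stand-ins.

```python
import json

FIELDS = {"starting_url", "yadis_url", "services"}

class ServiceManager:
    """Hypothetical stand-in for the manager object discussed in this issue."""

    def __init__(self, starting_url, yadis_url, services, session_key):
        self.starting_url = starting_url
        self.yadis_url = yadis_url
        self.services = list(services)  # assumed to be plain dicts here
        self.session_key = session_key

    def to_json(self):
        # Keep only plain data, so any session backend can store it.
        return json.dumps({"starting_url": self.starting_url,
                           "yadis_url": self.yadis_url,
                           "services": self.services}, sort_keys=True)

    @classmethod
    def from_json(cls, raw, session_key):
        # Session contents are input: check the shape before using it.
        data = json.loads(raw)
        if not isinstance(data, dict) or set(data) != FIELDS:
            raise ValueError("unexpected manager payload")
        if not all(isinstance(data[k], str) for k in ("starting_url", "yadis_url")):
            raise ValueError("URL fields must be strings")
        services = data["services"]
        if not isinstance(services, list) or not all(isinstance(s, dict) for s in services):
            raise ValueError("services must be a list of objects")
        return cls(data["starting_url"], data["yadis_url"], services, session_key)

    def store(self, session):
        session[self.session_key] = self.to_json()  # a str, not the instance

def session_is_json_safe(session):
    """True if a JSON-only session serializer could write this session."""
    try:
        json.dumps(session)
        return True
    except TypeError:
        return False

if __name__ == "__main__":
    # Constructed sample values, not taken from a real discovery run.
    mgr = ServiceManager("http://id.example/", "http://id.example/xrds",
                         [{"server_url": "http://op.example/"}], "_demo_key")
    print(session_is_json_safe({"_demo_key": mgr}))  # instance in the session
    session = {}
    mgr.store(session)
    print(session_is_json_safe(session))             # string in the session
```
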

lerouxb commented Sep 22, 2011

I also ran into this and worked around it by just pickling the session keys that python-openid added before encoding (and unpickling when loading): https://gist.github.com/1234843

scribu commented May 19, 2014

Just ran into this same error in a Django 1.6 app.

Related: https://bugs.launchpad.net/django-openid-auth/+bug/1252826

Also having the same issue. It shows up in Django 1.6 because 1.6 moves away from using SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' by default, which Django versions prior to 1.6 did. This serializer has a security hole, which means that using it as a workaround for this issue is undesirable.

@adam-thomas adam-thomas referenced this issue in frog32/django-admin-sso May 23, 2014

Closed

Support Python 3 [Blocked by OpenID bug] #12

Contributor

rodrigoprimo commented May 28, 2014

Last year I was working on a project using python-openid and, after opening a few pull requests here, @willnorris gave me access to the repository.

Unfortunately I'm not working with python-openid anymore so I don't have time to address this and the other issues. As far as I know no one else is maintaining this library.

If someone creates a pull request to fix this issue and others can test and vouch for it, I will approve it.
