Browse files

Updated documentation for the new sessions

  • Loading branch information...
1 parent e1a5761 commit 261c4a6aee88361e0de5d86061d873bbad2cb3a9 @mitsuhiko mitsuhiko committed Oct 7, 2012
Showing with 9 additions and 5 deletions.
  1. +7 −2 docs/upgrading.rst
  2. +2 −3 flask/sessions.py
View
9 docs/upgrading.rst
@@ -29,9 +29,14 @@ format changed from pickle to a specialized JSON format. This change has
been done in order to avoid the damage an attacker can do if the secret
key is leaked. When you upgrade you will notice two major changes: all
sessions that were issued before the upgrade are invalidated and you can
-only store a limited amount of types in the session.
+only store a limited amount of types in the session. The new sessions are
+by design much more restricted to only allow JSON with a few small
+extensions for tuples and strings with HTML markup.
-TODO: add external module for session upgrading
+In order to not break people's sessions it is possible to continue using
+the old session system by using the `Flask-OldSessions_` extension.
+
+.. _Flask-OldSessions: http://packages.python.org/Flask-OldSessions/
Version 0.9
-----------
View
5 flask/sessions.py
@@ -3,10 +3,9 @@
flask.sessions
~~~~~~~~~~~~~~
- Implements cookie based sessions based on Werkzeug's secure cookie
- system.
+ Implements cookie based sessions based on itsdangerous.
- :copyright: (c) 2011 by Armin Ronacher.
+ :copyright: (c) 2012 by Armin Ronacher.
:license: BSD, see LICENSE for more details.
"""

0 comments on commit 261c4a6

Please sign in to comment.