Not compatible with the Django 1.6 default JSON_SESSION_SERIALIZER

Bug #1252826 reported by Tim Abbott
This bug affects 7 people
Affects Status Importance Assigned to Milestone
python-django-openid-auth (Ubuntu)

Bug Description

In Django 1.6, the default session serializer has been switched to one based on JSON, rather than pickles, to improve security. Django-openid-auth does not support this because it attempts to store content that is not JSON serializable in sessions. See for details on the Django 1.6 change.

Andrew Starr-Bochicchio (andrewsomething) wrote :

I can confirm this. Traceback below:


Request Method: GET
Request URL:

Django Version: 1.6
Python Version: 2.7.5
Installed Applications:
Installed Middleware:

File "/usr/lib/python2.7/dist-packages/django/core/handlers/" in get_response
  201. response = middleware_method(request, response)
File "/usr/lib/python2.7/dist-packages/django/contrib/sessions/" in process_response
File "/usr/lib/python2.7/dist-packages/django/contrib/sessions/backends/" in save
  57. session_data=self.encode(self._get_session(no_load=must_create)),
File "/usr/lib/python2.7/dist-packages/django/contrib/sessions/backends/" in encode
  87. serialized = self.serializer().dumps(session_dict)
File "/usr/lib/python2.7/dist-packages/django/core/" in dumps
  88. return json.dumps(obj, separators=(',', ':')).encode('latin-1')
File "/usr/lib/python2.7/json/" in dumps
  250. sort_keys=sort_keys, **kw).encode(obj)
File "/usr/lib/python2.7/json/" in encode
  207. chunks = self.iterencode(o, _one_shot=True)
File "/usr/lib/python2.7/json/" in iterencode
  270. return _iterencode(o, 0)
File "/usr/lib/python2.7/json/" in default
  184. raise TypeError(repr(o) + " is not JSON serializable")

Exception Type: TypeError at /openid/login/
Exception Value: <openid.yadis.manager.YadisServiceManager object at 0x7fa43c0bea50> is not JSON serializable

Changed in django-openid-auth:
status: New → Confirmed
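
The traceback above names only the first object the encoder hit. As an added example (not part of the original report and not django-openid-auth code), this stdlib-only sketch walks a session-like dict and lists every value that the `json.dumps` call shown in the traceback would reject. `FakeServiceManager`, `find_unserializable` and the sample session contents are constructed for illustration.

```python
import json


class FakeServiceManager(object):
    # Constructed stand-in for openid.yadis.manager.YadisServiceManager.
    def __init__(self, services):
        self.services = services


def django_json_dumps(obj):
    # Same call the traceback shows inside Django 1.6's JSON session serializer.
    return json.dumps(obj, separators=(',', ':')).encode('latin-1')


def find_unserializable(value, path="session"):
    """Return [(path, type_name)] for every value JSON cannot encode."""
    problems = []
    if isinstance(value, dict):
        for key, item in value.items():
            child = "%s[%r]" % (path, key)
            if not isinstance(key, str):
                # JSON object keys are strings: other keys fail or come back changed.
                problems.append((child, "non-string key: " + type(key).__name__))
            problems.extend(find_unserializable(item, child))
    elif isinstance(value, (list, tuple)):
        for index, item in enumerate(value):
            problems.extend(find_unserializable(item, "%s[%d]" % (path, index)))
    else:
        try:
            django_json_dumps(value)
        except (TypeError, ValueError):
            problems.append((path, type(value).__name__))
    return problems


# Constructed sample session; keys and values are illustrative only.
SAMPLE_SESSION = {
    "_auth_user_id": 42,
    "constructed_openid_state": {
        "return_to": "https://rp.example/openid/complete/",
        "manager": FakeServiceManager(["https://op.example/endpoint"]),
    },
    "recent": [1, 2, {3, 4}],
}

if __name__ == "__main__":
    for where, kind in find_unserializable(SAMPLE_SESSION):
        print("%s: %s is not JSON serializable" % (where, kind))
```

Running a check like this over what an application writes to `request.session` shows what must be converted to plain data before the JSON serializer can be used.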
Mathieu Comandon (strycore) wrote :

I tried to write a patch for this but couldn't figure out how. I guess it has something to do with python-openid itself; not sure, as I don't have a deep knowledge of this codebase.

Anyway, the best I could do was reverting to the old Pickle serializer as a workaround. I updated the test project accordingly on my branch:

Btw, this branch contains other patches necessary to provide Django 1.6 compatibility.

Changed in python-django-openid-auth (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Dani Llewellyn (diddledani) wrote :

One potential fix is to follow which suggests that it can work in stateless mode by passing `None` to the `Consumer` constructor instead of the django session.
