iplweb / django-password-policies-iplweb

Django unicode-aware password policies.

[FIX] TypeError: Object of type datetime is not JSON serializable #5

Closed LBarry97 closed 3 years ago

LBarry97 commented 3 years ago

Hi Michal,

This is the solution to the error: https://github.com/iplweb/django-password-policies-iplweb/issues/4

Can you review it?

Greetings

mpasternak commented 3 years ago

Hi there. Congratulations on a pretty well written pull request.

The solution to problem no #4 is to use a different JSON encoder for your whole project or a different session serializer. Serializing things, especially by hand like in your example, could be prone to errors. Please see this solution: https://stackoverflow.com/a/5781657/401516 . Also your comment to use a different session serializer was pretty good too (except for Pickle. Pickle has security concerns; also remember to never trust anything coming from the client side of your software, so you shouldn't serialize stuff directly received from the user while using Pickle). My idea for your eventual patch was to document the problem you encountered somewhere in the documentation, so other users could use your experience in the future.

ATM I have no plans to commit the patch in the form you submitted - sorry. The general idea is to leave serialization to serializers, which, in turn, are configurable on Django's side. And, as you can see at https://github.com/iplweb/bpp/blob/dev/src/django_bpp/settings/base.py#L344 , I also use the Pickle serializer, AFAIK precisely because of this bug I encountered.

Please don't take my opinion personally, also if you see me being harsh, let me assure you - I am not. Congratulations on a pretty well written pull request again and thank you for using software I maintain. ATM my decision is to close it, unless there's some consensus against it. If you disagree, please remember that serializing dates to strings is an art of its own. Does the datetime have a timezone or not? Is the de-serialization performed in a secure manner? Where are the tests for it...?

TL;DR: please use Pickle, eventually please document this behavior in the docs. Unless somebody convinces me that we should do it differently.

LBarry97 commented 3 years ago

I understand, thanks for the explanation.
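
The questions raised in mpasternak's comment above (timezone handling, safe de-serialization, tests) can be answered inside a serializer class instead of converting values by hand. This is an added example, not code from the pull request or the project: it uses only the standard library, follows the `dumps()`/`loads()` shape that Django's `SESSION_SERIALIZER` setting expects, and the class name and the `__datetime__` tag are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

_TAG = "__datetime__"  # hypothetical marker key chosen for this example


class DateTimeJSONSerializer:
    """JSON serializer with dumps()/loads(), the shape SESSION_SERIALIZER expects."""

    @staticmethod
    def _default(obj):
        if isinstance(obj, datetime):
            if obj.tzinfo is None or obj.utcoffset() is None:
                # Refuse naive values rather than guessing a timezone.
                raise TypeError("naive datetime cannot be stored in the session")
            # Normalise to UTC so the stored text is unambiguous.
            return {_TAG: obj.astimezone(timezone.utc).isoformat()}
        raise TypeError(f"{type(obj).__name__} is not JSON serializable")

    @staticmethod
    def _object_hook(d):
        # Revive only an object that is exactly {_TAG: "<ISO 8601 string>"}.
        # Parsing text builds a datetime and nothing else; unlike pickle,
        # no callable is ever looked up from the stored data.
        if set(d) == {_TAG} and isinstance(d[_TAG], str):
            value = datetime.fromisoformat(d[_TAG])  # ValueError if malformed
            if value.tzinfo is None:
                raise ValueError("stored datetime lacks a UTC offset")
            return value
        return d

    def dumps(self, obj):
        text = json.dumps(obj, default=self._default, separators=(",", ":"))
        return text.encode("utf-8")

    def loads(self, data):
        return json.loads(data.decode("utf-8"), object_hook=self._object_hook)


if __name__ == "__main__":
    # Constructed sample session payload.
    stamp = datetime(2021, 5, 1, 14, 30, tzinfo=timezone(timedelta(hours=2)))
    s = DateTimeJSONSerializer()
    blob = s.dumps({"stamp": stamp})
    print(blob)           # b'{"stamp":{"__datetime__":"2021-05-01T12:30:00+00:00"}}'
    print(s.loads(blob))  # {'stamp': datetime(2021, 5, 1, 12, 30, tzinfo=utc)}
```

A session value that happens to be a dict with the single key `__datetime__` would also be revived as a datetime, so the tag must not collide with application data.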