Fixed #31274 -- Used signing infrastructure in SessionBase.encode()/decode().

Thanks Mariusz Felisiak and Florian Apolloner for the reviews.
2025-08-03 10:34:04 +00:00 · 2020-02-15 12:20:37 +01:00 · 2020-02-15 12:20:37 +01:00 · d4fff711d4
commit d4fff711d4
parent daaa894960
4 changed files with 37 additions and 3 deletions
--- a/tests/sessions_tests/tests.py
+++ b/tests/sessions_tests/tests.py
@ -311,6 +311,18 @@ class SessionTestsMixin:
        encoded = self.session.encode(data)
        self.assertEqual(self.session.decode(encoded), data)

+    @override_settings(SECRET_KEY='django_tests_secret_key')
+    def test_decode_legacy(self):
+        # RemovedInDjango40Warning: pre-Django 3.1 sessions will be invalid.
+        legacy_encoded = (
+            'OWUzNTNmNWQxNTBjOWExZmM4MmQ3NzNhMDRmMjU4NmYwNDUyNGI2NDp7ImEgdGVzd'
+            'CBrZXkiOiJhIHRlc3QgdmFsdWUifQ=='
+        )
+        self.assertEqual(
+            self.session.decode(legacy_encoded),
+            {'a test key': 'a test value'},
+        )
+
    def test_decode_failure_logged_to_security(self):
        bad_encode = base64.b64encode(b'flaskdj:alkdjf').decode('ascii')
        with self.assertLogs('django.security.SuspiciousSession', 'WARNING') as cm: