Session data corrupted in django
Sorry for getting late to this post, but by any chance, did you change the SECRET_KEY variable on your project? sessions used to be cyphered using this salt, so if you changed it you have corrupted all your sessions, but don't worry! is not a big deal, the worst-case scenario is for the sessions that were existing before this, those will need to log-in again, and that's it ;)
You are getting this error because of this line: https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L109
Apparently, there's something went terribly wrong with encryption of session data.
How to fix it? I'm not sure, I have a couple of ideas though:
- Do you use a custom session class?
- Do you use your Django session in another project?
This worked for me:
import base64import hashlibimport hmacimport jsondef session_utoken(msg, secret_key, class_name='SessionStore'): key_salt = "django.contrib.sessions" + class_name sha1 = hashlib.sha1((key_salt + secret_key).encode('utf-8')).digest() utoken = hmac.new(sha1, msg=msg, digestmod=hashlib.sha1).hexdigest() return utokendef decode(session_data, secret_key, class_name='SessionStore'): encoded_data = base64.b64decode(session_data) utoken, pickled = encoded_data.split(b':', 1) expected_utoken = session_utoken(pickled, secret_key, class_name) if utoken.decode() != expected_utoken: raise BaseException('Session data corrupted "%s" != "%s"', utoken.decode(), expected_utoken) return json.loads(pickled.decode('utf-8'))s = Session.objects.get(session_key=session_key)decode(s.session_data, 'YOUR_SECRET_KEY'))
credit to: http://joelinoff.com/blog/?p=920