
Session data corrupted in django


Sorry for getting late to this post, but by any chance, did you change the SECRET_KEY variable on your project? Sessions used to be cyphered using this salt, so if you changed it you have corrupted all your sessions. But don't worry! It's not a big deal: the worst-case scenario is for the sessions that were existing before this; those will need to log in again, and that's it ;)


You are getting this error because of this line: https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L109

Apparently, something went terribly wrong with the encryption of session data.

How to fix it? I'm not sure, I have a couple of ideas though:

  • Do you use a custom session class?
  • Do you use your Django session in another project?


This worked for me:

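```python
import base64
import hashlib
import hmac
import json

# Needs a configured Django project, e.g. run inside `python manage.py shell`.
from django.contrib.sessions.models import Session


def session_utoken(msg, secret_key, class_name='SessionStore'):
    # The HMAC key is sha1(key_salt + SECRET_KEY); the salt includes the
    # session store class name.
    key_salt = "django.contrib.sessions" + class_name
    sha1 = hashlib.sha1((key_salt + secret_key).encode('utf-8')).digest()
    utoken = hmac.new(sha1, msg=msg, digestmod=hashlib.sha1).hexdigest()
    return utoken


def decode(session_data, secret_key, class_name='SessionStore'):
    # Stored value is base64("<hex hmac>:<serialized session>").
    encoded_data = base64.b64decode(session_data)
    utoken, pickled = encoded_data.split(b':', 1)
    expected_utoken = session_utoken(pickled, secret_key, class_name)
    # Constant-time comparison of the stored and recomputed HMAC.
    if not hmac.compare_digest(utoken, expected_utoken.encode()):
        raise ValueError('Session data corrupted "%s" != "%s"'
                         % (utoken.decode(errors='replace'), expected_utoken))
    return json.loads(pickled.decode('utf-8'))


session_key = 'YOUR_SESSION_KEY'  # placeholder: the session_key of the row to inspect
s = Session.objects.get(session_key=session_key)
decode(s.session_data, 'YOUR_SECRET_KEY')
```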

credit to: http://joelinoff.com/blog/?p=920
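The following is an added example, not part of any answer above and not Django's own code. It checks the two causes raised in the answers (a changed SECRET_KEY, a different session store class) against a stored value, assuming the same base64(hash:json) layout that `decode()` handles; `legacy_hash`, `legacy_encode`, `diagnose` and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

SALT_PREFIX = "django.contrib.sessions"  # salt prefix used by decode() in the answer above


def legacy_hash(payload: bytes, secret_key: str, class_name: str) -> str:
    """HMAC-SHA1 keyed with sha1(salt prefix + class name + SECRET_KEY)."""
    key = hashlib.sha1((SALT_PREFIX + class_name + secret_key).encode()).digest()
    return hmac.new(key, payload, hashlib.sha1).hexdigest()


def legacy_encode(session: dict, secret_key: str, class_name: str = "SessionStore") -> str:
    """Build base64(hash:json) so the check can be exercised without a database."""
    payload = json.dumps(session, separators=(",", ":")).encode()
    digest = legacy_hash(payload, secret_key, class_name).encode()
    return base64.b64encode(digest + b":" + payload).decode("ascii")


def diagnose(session_data: str, secret_keys: dict, class_names: list) -> str:
    """Report which (key label, class name) pair reproduces the stored hash.

    Keys are passed as {label: key} so only the label ever reaches output or logs.
    """
    try:
        stored, payload = base64.b64decode(session_data).split(b":", 1)
    except ValueError:  # invalid base64 or no ':' separator
        return "malformed"
    for label, key in secret_keys.items():
        for name in class_names:
            expected = legacy_hash(payload, key, name).encode()
            if hmac.compare_digest(stored, expected):
                return f"valid: key={label} class={name}"
    return "no match"


if __name__ == "__main__":
    # Constructed sample: a session written before the key was changed.
    keys = {"current": "new-constructed-key", "previous": "old-constructed-key"}
    old_row = legacy_encode({"_auth_user_id": "1"}, keys["previous"])
    print(diagnose(old_row, {"current": keys["current"]}, ["SessionStore"]))
    print(diagnose(old_row, keys, ["SessionStore", "CustomSessionStore"]))
```

A "no match" for every known key and class name points to tampering or truncation of the stored value rather than a key change.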