Session data corrupted in django

Solution 1

Sorry for getting late to this post, but by any chance, did you change the SECRET_KEY variable on your project? sessions used to be cyphered using this salt, so if you changed it you have corrupted all your sessions, but don't worry! is not a big deal, the worst-case scenario is for the sessions that were existing before this, those will need to log-in again, and that's it ;)

Solution 2

You are getting this error because of this line: https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L109

Apparently, there's something went terribly wrong with encryption of session data.

How to fix it? I'm not sure, I have a couple of ideas though:

• Do you use a custom session class?
• Do you use your Django session in another project?

Solution 3

This worked for me:

import base64
import hashlib
import hmac
import json

def session_utoken(msg, secret_key, class_name='SessionStore'):
    key_salt = "django.contrib.sessions" + class_name
    sha1 = hashlib.sha1((key_salt + secret_key).encode('utf-8')).digest()
    utoken = hmac.new(sha1, msg=msg, digestmod=hashlib.sha1).hexdigest()
    return utoken


def decode(session_data, secret_key, class_name='SessionStore'):
    encoded_data = base64.b64decode(session_data)
    utoken, pickled = encoded_data.split(b':', 1)
    expected_utoken = session_utoken(pickled, secret_key, class_name)
    if utoken.decode() != expected_utoken:
        raise BaseException('Session data corrupted "%s" != "%s"',
                            utoken.decode(),
                            expected_utoken)
    return json.loads(pickled.decode('utf-8'))

s = Session.objects.get(session_key=session_key)
decode(s.session_data, 'YOUR_SECRET_KEY'))

credit to: http://joelinoff.com/blog/?p=920

Related videos on Youtube