django 1.6 upgrade

All posts tagged django 1.6 upgrade

Django finally released version 1.6 of their Python based web-framework.  I use it at my job everyday and we ran into issues with the old system where they were using such an old version of Django that it was impossible to just simply update.  One of the goals with the new system we are creating is to stay as up to date as we possibly can with all of our technologies.  For us that is Bootstrap, jQuery, Django, and a few other third-party web plugins.  Here are a few of the notes I’m writing down for myself and for others to use if they run into issues in upgrading from 1.5.4 to 1.6.

Default session serialization switched to JSON

Django changed the way the session variable is being stored from pickle to JSON.  This is for the best as there is an exploit if the attacker knows your SECRET_KEY and has access to the CSRF tokens being sent by users and the session variable uses pickle.  Using JSON fixes this and Django has elected to make it the new default.  The issue is that some things, in our case timezones, are not JSON serializable.  If you’d like to still use pickle for your session variables just add SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' to your settings.py file.

Simplejson Deprecated

Simplejson has been deprecated and you should now use JSON.  This means you’ll need to change your imports from from django.utils import simplejson to just import json and you’ll need to change any code that uses simplejson to just json.

User Profile Deprecated

They have officially deprecated the use of user profiles attached to the default user in favor of custom user models.  Custom user models should be setup on initial project creation.  If you didn’t do this then you can use something like South to migrate your data.  The easiest way to create a custom user model is shown below by extending the base Django user and just adding to it.

settings.py

models.py

Now anywhere you would make a foreign key to User you’ll need to import settings and use settings.AUTH_USER_MODEL instead of User.

models.py

Those are all of the major things that I needed to change to update everything.  Granted they started to deprecate user profiles back in 1.5 we just hadn’t made the change yet and needed to now.  Hope this helps and if you find any other bugs or awkwardness when upgrading post in the comments below.  You can also read the Django 1.6 release notes on their site.