Doc tweaks, include pickle warning

pallets-eco · Feb 24, 2024 · ed0779d · ed0779d
1 parent 431debd
commit ed0779d
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 7 deletions.
diff --git a/docs/conf.py b/docs/conf.py
@@ -14,7 +14,7 @@
     "flask": ("http://flask.palletsprojects.com/", None),
     "werkzeug": ("http://werkzeug.palletsprojects.com/", None),
     "flask-sqlalchemy": ("http://flask-sqlalchemy.palletsprojects.com/", None),
-    "redis": ("http://redis-py.readthedocs.io/", None),
+    "redis": ("http://redis-py.readthedocs.io/en/stable/", None),
 }
 
 

diff --git a/docs/config_flask.rst b/docs/config_flask.rst
@@ -35,4 +35,4 @@ modify them at runtime.
 .. _SESSION_REFRESH_EACH_REQUEST: https://flask.palletsprojects.com/en/latest/config/#SESSION_REFRESH_EACH_REQUEST
 
 .. note::
-      ``PERMANENT_SESSION_LIFETIME`` is also used to set the expiration time of the session data on the server side, regardless of permanence.
+      ``PERMANENT_SESSION_LIFETIME`` is also used to set the expiration time of the session data on the server side, regardless of ``SESSION_PERMANENT``.
diff --git a/docs/config_security.rst b/docs/config_security.rst
@@ -12,6 +12,7 @@ Consider the following Flask configurations in production:
 
 .. list-table::
    :header-rows: 1
+   :align: left
 
    * - Setting
      - Consideration

diff --git a/docs/installation.rst b/docs/installation.rst
@@ -10,14 +10,19 @@ Install from PyPI using an installer such as pip:
 
 Flask-Session's only required dependency is msgspec for serialization, which has no sub-dependencies. 
 
-You need to choose a storage type and install an appropriate client library so the app can communicate with storage. For example, if you want to use Redis as your storage, you will need to install the redis-py client library:
+However, you also need to choose a storage type and install an appropriate client library so the app can communicate with storage. For example, if you want to use Redis as your storage, you will need to install the redis-py client library:
 
 .. code-block:: bash
 
     $ pip install redis
 
 Redis is the recommended storage type for Flask-Session, as it has the most complete support for the features of Flask-Session with minimal configuration.
 
+.. warning::
+
+  Flask-Session versions below 1.0.0 (not yet released), use pickle_ as the default serializer, which may have security implications in production if your storage is ever compromised.
+
+
 Direct support
 ---------------
 
@@ -60,7 +65,7 @@ Flask-Session also indirectly supports storage and client libraries via cachelib
    * - Redis
      - redis-py_
    * - Memcached
-     - pylibmc_, memcached, libmc_ or `google.appengine.api.memcached`_
+     - pylibmc_, python-memcached_, libmc_ or `google.appengine.api.memcached`_
    * - MongoDB
      - pymongo_
    * - DynamoDB
@@ -69,10 +74,10 @@ Flask-Session also indirectly supports storage and client libraries via cachelib
 
 .. warning::
 
-  As of writing, cachelib_ still uses pickle_ as the default serializer, which may have security implications in production.
+  As of writing, cachelib_ still uses pickle_ as the default serializer, which may have security implications in production if your storage is ever compromised.
 
 
-.. _redis-py: https://github.com/andymccurdy/redis-py
+.. _redis-py: https://github.com/redis/redis-py
 .. _pylibmc: http://sendapatch.se/projects/pylibmc/
 .. _python-memcached: https://github.com/linsomniac/python-memcached
 .. _pymemcache: https://github.com/pinterest/pymemcache

diff --git a/src/flask_session/cachelib/__init__.py b/src/flask_session/cachelib/__init__.py
@@ -1 +1 @@
-from .cachelib import CacheLibSessionInterface, CacheLibSession  # noqa: F401
+from .cachelib import CacheLibSession, CacheLibSessionInterface  # noqa: F401