From 1e97de9105515a5e5295e92b64af3168eb45e775 Mon Sep 17 00:00:00 2001
From: Feanil Patel <feanil@edx.org>
Date: Thu, 17 Oct 2019 16:12:44 -0400
Subject: [PATCH] Use the default json session serializer.

This will force a logout as sessions fail to load but this should be a
more performant and secure serializer moving forward.  The reason we
overwrote it in our config is that it previously used to be the default
and we didn't want things to breake and force logouts when we changed
it.  We're no more okay with people getting logged out.
---
 cms/envs/common.py | 1 -
 lms/envs/common.py | 1 -
 2 files changed, 2 deletions(-)

diff --git a/cms/envs/common.py b/cms/envs/common.py
index 96594e01c9..bf60eee34b 100644
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -829,7 +829,6 @@ COURSES_WITH_UNSAFE_CODE = []
 DEBUG = False
 SESSION_COOKIE_SECURE = False
 SESSION_SAVE_EVERY_REQUEST = False
-SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
 SESSION_COOKIE_DOMAIN = ""
 SESSION_COOKIE_NAME = 'sessionid'
 
diff --git a/lms/envs/common.py b/lms/envs/common.py
index a2a9a8249e..ef38521367 100644
--- a/lms/envs/common.py
+++ b/lms/envs/common.py
@@ -1101,7 +1101,6 @@ DEBUG = False
 USE_TZ = True
 SESSION_COOKIE_SECURE = False
 SESSION_SAVE_EVERY_REQUEST = False
-SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
 SESSION_COOKIE_DOMAIN = ""
 SESSION_COOKIE_NAME = 'sessionid'