Decode session data, no matter what hashes say. It helps in some cases where the Session.get_decoded method returns an empty dictionary because it is "suspicious" of user-data tampering. Based on source code from the Django project.

gistfile1.py

import base64
import pickle

from django.contrib.sessions.models import Session
from django.utils.encoding import force_unicode


def decode_session_data(session_key):
	"""Decode the data in a session object stored under ``session_key``.

	:param session_key: e.g. ``'1180b5ed42c2a3a5f217e35b755865da'`` 
	:return: decoded session data
	:rtype: :class:`dict`

	"""
	session_obj = Session.objects.get(pk=session_key)
	session_data = force_unicode(session_obj.session_data)
	encoded_data = base64.decodestring(session_data)
	hash, pickled = encoded_data.split(':', 1)

	return pickle.loads(pickled)