summaryrefslogtreecommitdiffstats
path: root/user_guide/libraries/sessions.html
diff options
context:
space:
mode:
authorDerek Jones <derek.jones@ellislab.com>2010-08-31 04:31:08 +0200
committerDerek Jones <derek.jones@ellislab.com>2010-08-31 04:31:08 +0200
commit5485db50775d4e2f76a593ef8b3425f6a1b90666 (patch)
tree1b934405afbdcd4501237b11959117006806784b /user_guide/libraries/sessions.html
parent60f8c395f24ba6db80d510892bcc53ce5bf9f4eb (diff)
Added fatal error to Session class when no encryption key is set in the config file, for additional assurance that session manipulation can be prevented
Diffstat (limited to 'user_guide/libraries/sessions.html')
-rw-r--r--user_guide/libraries/sessions.html3
1 files changed, 3 insertions, 0 deletions
diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html
index 9a2ca939c..7dc386fd4 100644
--- a/user_guide/libraries/sessions.html
+++ b/user_guide/libraries/sessions.html
@@ -68,6 +68,9 @@ use the database option you'll need to create the session table as indicated bel
<p class="important"><strong>Note:</strong> The Session class does <strong>not</strong> utilize native PHP sessions. It
generates its own session data, offering more flexibility for developers.</p>
+<p class="important"><strong>Note:</strong> Even if you are not using encrypted sessions, you must set
+an encryption key in your config file which is used to aid in preventing session data manipulation.</p>
+
<h2>Initializing a Session</h2>
<p>Sessions will typically run globally with each page load, so the session class must either be