Added fatal error to Session class when no encryption key is set in the config file, for additional assurance that session manipulation can be prevented

author: Derek Jones <derek.jones@ellislab.com> 2010-08-31 04:31:08 +0200
committer: Derek Jones <derek.jones@ellislab.com> 2010-08-31 04:31:08 +0200
commit: 5485db50775d4e2f76a593ef8b3425f6a1b90666 (patch)
tree: 1b934405afbdcd4501237b11959117006806784b /user_guide/libraries
parent: 60f8c395f24ba6db80d510892bcc53ce5bf9f4eb (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html
index 9a2ca939c..7dc386fd4 100644
--- a/user_guide/libraries/sessions.html
+++ b/user_guide/libraries/sessions.html
@@ -68,6 +68,9 @@ use the database option you'll need to create the session table as indicated bel
 <p class="important"><strong>Note:</strong> The Session class does <strong>not</strong> utilize native PHP sessions. It
 generates its own session data, offering more flexibility for developers.</p>
 
+<p class="important"><strong>Note:</strong> Even if you are not using encrypted sessions, you must set
+an encryption key in your config file which is used to aid in preventing session data manipulation.</p>
+
 <h2>Initializing a Session</h2>
 
 <p>Sessions will typically run globally with each page load, so the session class must either be
author	Derek Jones <derek.jones@ellislab.com>	2010-08-31 04:31:08 +0200
committer	Derek Jones <derek.jones@ellislab.com>	2010-08-31 04:31:08 +0200
commit	5485db50775d4e2f76a593ef8b3425f6a1b90666 (patch)
tree	1b934405afbdcd4501237b11959117006806784b /user_guide/libraries
parent	60f8c395f24ba6db80d510892bcc53ce5bf9f4eb (diff)