Merge pull request #1896 from pkriete/develop

Updating the cookie driver to use HMAC authentication on all cookie data
author: Pascal Kriete <pascal@pascalkriete.com> 2012-10-17 17:59:40 +0200
committer: Pascal Kriete <pascal@pascalkriete.com> 2012-10-17 17:59:40 +0200
commit: 72865daaaac4d57a6cd598b1ad7398ff3ec3f498 (patch)
tree: 5d92a9d750631e6107015948b95009fdfdd3c381 /user_guide_src
parent: 8a7078b65dc387c8d74f963b80a7559bd094458a (diff)
parent: 28dc2023d32e1d997e2b90052f1960f98a255d2c (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index cbd7c83f5..de6ceabbe 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -159,6 +159,8 @@ Release Date: Not Released
 	 -  New tempdata feature allows setting user data items with an expiration time.
 	 -  Added default $config['sess_driver'] and $config['sess_valid_drivers'] items to config.php file.
 	 -  Cookie driver now respects php.ini's session.gc_probability and session.gc_divisor
+    -  The Cookie driver now uses HMAC authentication instead of the simple md5 checksum.
+    -  The Cookie driver now also checks authentication on encrypted session data.
 	 -  Changed the Cookie driver to select only one row when using database sessions.
 	 -  Cookie driver now only writes to database at end of request when using database.
 	 -  Cookie driver now uses PHP functions for faster array manipulation when using database.
author	Pascal Kriete <pascal@pascalkriete.com>	2012-10-17 17:59:40 +0200
committer	Pascal Kriete <pascal@pascalkriete.com>	2012-10-17 17:59:40 +0200
commit	72865daaaac4d57a6cd598b1ad7398ff3ec3f498 (patch)
tree	5d92a9d750631e6107015948b95009fdfdd3c381 /user_guide_src
parent	8a7078b65dc387c8d74f963b80a7559bd094458a (diff)
parent	28dc2023d32e1d997e2b90052f1960f98a255d2c (diff)