-rw-r--r--application/config/config.php4
-rw-r--r--system/libraries/Session.php5
-rw-r--r--user_guide/libraries/sessions.html3
3 files changed, 10 insertions, 2 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 6e52bcc17..c5eae8f5b 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -213,8 +213,8 @@ $config['cache_path'] = '';
| Encryption Key
|--------------------------------------------------------------------------
|
-| If you use the Encryption class or the Sessions class with encryption
-| enabled you MUST set an encryption key. See the user guide for info.
+| If you use the Encryption class or the Session class you
+| MUST set an encryption key. See the user guide for info.
|
*/
$config['encryption_key'] = "";
diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index cf6dc96e3..f413c0d1b 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -65,6 +65,11 @@ class CI_Session {
$this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key);
}
+ if ($this->encryption_key == '')
+ {
+ show_error('In order to use the Session class you are required to set an encryption key in your config file.');
+ }
+
// Load the string helper so we can use the strip_slashes() function
$this->CI->load->helper('string');
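Review bot: The added guard `if ($this->encryption_key == '')` rejects only an empty or unset value, so a whitespace-only or placeholder key still passes, even though the user-guide note in this commit says the key is what helps prevent session data manipulation. Tightening it to `if (trim((string) $this->encryption_key) === '')` would close the whitespace case, and a comment such as `// The key protects session data from tampering; refuse to start without one.` would record why the class stops here. The check also relies on `encryption_key` being among the keys the loop above copies into the object; that list is outside the hunk, so it should be confirmed. The constructor begins before this hunk and continues after it.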
diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html
index 9a2ca939c..7dc386fd4 100644
--- a/user_guide/libraries/sessions.html
+++ b/user_guide/libraries/sessions.html
@@ -68,6 +68,9 @@ use the database option you'll need to create the session table as indicated bel
<p class="important"><strong>Note:</strong> The Session class does <strong>not</strong> utilize native PHP sessions. It
generates its own session data, offering more flexibility for developers.</p>
+<p class="important"><strong>Note:</strong> Even if you are not using encrypted sessions, you must set
+an encryption key in your config file which is used to aid in preventing session data manipulation.</p>
+
<h2>Initializing a Session</h2>
<p>Sessions will typically run globally with each page load, so the session class must either be