From 5485db50775d4e2f76a593ef8b3425f6a1b90666 Mon Sep 17 00:00:00 2001
From: Derek Jones <derek.jones@ellislab.com>
Date: Mon, 30 Aug 2010 21:31:08 -0500
Subject: Added fatal error to Session class when no encryption key is set in
 the config file, for additional assurance that session manipulation can be
 prevented

---
 system/libraries/Session.php | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'system/libraries')

diff --git a/system/libraries/Session.php b/system/libraries/Session.php
index cf6dc96e3..f413c0d1b 100644
--- a/system/libraries/Session.php
+++ b/system/libraries/Session.php
@@ -65,6 +65,11 @@ class CI_Session {
 			$this->$key = (isset($params[$key])) ? $params[$key] : $this->CI->config->item($key);
 		}
 
+		if ($this->encryption_key == '')
+		{
+			show_error('In order to use the Session class you are required to set an encryption key in your config file.');
+		}
+
 		// Load the string helper so we can use the strip_slashes() function
 		$this->CI->load->helper('string');
 
-- 
cgit v1.2.3-24-g4f1b