Date: Mon, 30 Aug 2010 21:31:08 -0500
Subject: Added fatal error to Session class when no encryption key is set in
the config file, for additional assurance that session manipulation can be
prevented
---
user_guide/libraries/sessions.html | 3 +++
1 file changed, 3 insertions(+)
(limited to 'user_guide/libraries/sessions.html')
diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html
index 9a2ca939c..7dc386fd4 100644
--- a/user_guide/libraries/sessions.html
+++ b/user_guide/libraries/sessions.html
@@ -68,6 +68,9 @@ use the database option you'll need to create the session table as indicated bel
Note: The Session class does not utilize native PHP sessions. It
generates its own session data, offering more flexibility for developers.
+Note: Even if you are not using encrypted sessions, you must set
+an encryption key in your config file which is used to aid in preventing session data manipulation.
+
Initializing a Session
Sessions will typically run globally with each page load, so the session class must either be
--
cgit v1.2.3-24-g4f1b
From 52ace4322b6ff02b8d0212197355ac9ee25e63f2 Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Mon, 30 Aug 2010 21:33:38 -0500
Subject: added link for encryption key in Session class to the explanation in
the Encryption lib
---
user_guide/libraries/sessions.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'user_guide/libraries/sessions.html')
diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html
index 7dc386fd4..a8e3b3496 100644
--- a/user_guide/libraries/sessions.html
+++ b/user_guide/libraries/sessions.html
@@ -69,7 +69,7 @@ use the database option you'll need to create the session table as indicated bel
generates its own session data, offering more flexibility for developers.
Note: Even if you are not using encrypted sessions, you must set
-an encryption key in your config file which is used to aid in preventing session data manipulation.
+an encryption key in your config file which is used to aid in preventing session data manipulation.