From 5485db50775d4e2f76a593ef8b3425f6a1b90666 Mon Sep 17 00:00:00 2001 From: Derek Jones Date: Mon, 30 Aug 2010 21:31:08 -0500 Subject: Added fatal error to Session class when no encryption key is set in the config file, for additional assurance that session manipulation can be prevented --- user_guide/libraries/sessions.html | 3 +++ 1 file changed, 3 insertions(+) (limited to 'user_guide') diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html index 9a2ca939c..7dc386fd4 100644 --- a/user_guide/libraries/sessions.html +++ b/user_guide/libraries/sessions.html @@ -68,6 +68,9 @@ use the database option you'll need to create the session table as indicated bel

Note: The Session class does not utilize native PHP sessions. It generates its own session data, offering more flexibility for developers.

+

Note: Even if you are not using encrypted sessions, you must set +an encryption key in your config file which is used to aid in preventing session data manipulation.

+

Initializing a Session

Sessions will typically run globally with each page load, so the session class must either be -- cgit v1.2.3-24-g4f1b