From f69f0e8f02815d44e218b013c8da92cebabbdcb1 Mon Sep 17 00:00:00 2001
From: Pascal Kriete <pascal@pascalkriete.com>
Date: Tue, 16 Oct 2012 11:54:49 -0400
Subject: Updating the cookie driver to use HMAC authentication on all cookie
 data.

Signed-off-by: Pascal Kriete <pascal@pascalkriete.com>
---
 user_guide_src/source/changelog.rst | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'user_guide_src')

diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 811aa8faf..165ff8ca0 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -159,6 +159,8 @@ Release Date: Not Released
 	 -  New tempdata feature allows setting user data items with an expiration time.
 	 -  Added default $config['sess_driver'] and $config['sess_valid_drivers'] items to config.php file.
 	 -  Cookie driver now respects php.ini's session.gc_probability and session.gc_divisor
+    -  The Cookie driver now uses HMAC authentication instead of the simple md5 checksum.
+    -  The Cookie driver now also checks authentication on encrypted session data.
 	 -  Changed the Cookie driver to select only one row when using database sessions.
 	 -  Cookie driver now only writes to database at end of request when using database.
 	 -  Cookie driver now uses PHP functions for faster array manipulation when using database.
-- 
cgit v1.2.3-24-g4f1b