Added an explicit warning about cookie session store to release notes.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17529 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit c05930c858bdfe59dec5fa257dc05b614fa7320b 1 parent ea8af81
Paul McMillan PaulMcMillan authored
Showing with 15 additions and 0 deletions.
  1. +7 −0 docs/releases/1.4-beta-1.txt
  2. +8 −0 docs/releases/1.4.txt
7 docs/releases/1.4-beta-1.txt
@@ -197,6 +197,13 @@ Django 1.4 introduces a new cookie-based backend for the session framework
which uses the tools for :doc:`cryptographic signing </topics/signing>` to
store the session data in the client's browser.
+.. warning::
+
+ Session data is signed and validated by the server, but is not
+ encrypted. This means that a user can view any data stored in the
+ session, but cannot change it. Please read the documentation for
+ further clarification before using this backend.
+
See the :ref:`cookie-based session backend <cookie-session-backend>` docs for
more information.
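Review bot: the added warning closes with "Please read the documentation for further clarification" but carries no cross-reference of its own, so the reader depends on the separate sentence that follows it to find the right page. Consider reusing the existing :ref:`cookie-session-backend` target inside the directive, so the caveat that session data is signed but not encrypted stays attached to its reference if the surrounding paragraphs are later reworded.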
8 docs/releases/1.4.txt
@@ -171,6 +171,14 @@ Django 1.4 introduces a cookie-based session backend that uses the tools for
:doc:`cryptographic signing </topics/signing>` to store the session data in
the client's browser.
++.. warning::
++
++ Session data is signed and validated by the server, but is not
++ encrypted. This means that a user can view any data stored in the
++ session, but cannot change it. Please read the documentation for
++ further clarification before using this backend.
++
+
See the :ref:`cookie-based session backend <cookie-session-backend>` docs for
more information.
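Review bot: in docs/releases/1.4.txt the seven warning lines appear as "++.. warning::", "++ Session data is signed ..." and so on, meaning each added line starts with a literal "+" character, and the file shows +8 where docs/releases/1.4-beta-1.txt shows +7 for the same text. This looks like diff output pasted into the file; with the stray "+" in front, ".. warning::" is no longer parsed as a directive. Strip the leading "+" from those lines and drop the additional blank line so this hunk matches the one in the beta release notes.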