summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorPaul McMillan <Paul@McMillan.ws>2012-02-16 02:08:11 +0000
committerPaul McMillan <Paul@McMillan.ws>2012-02-16 02:08:11 +0000
commitc05930c858bdfe59dec5fa257dc05b614fa7320b (patch)
tree5e713e70041080ecfe206e687198860dbcf13475 /docs
parentea8af819ab5348c7521c253e8e8f55efaeee181c (diff)
Added an explicit warning about cookie session store to release notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17529 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
-rw-r--r--docs/releases/1.4-beta-1.txt7
-rw-r--r--docs/releases/1.4.txt8
2 files changed, 15 insertions, 0 deletions
diff --git a/docs/releases/1.4-beta-1.txt b/docs/releases/1.4-beta-1.txt
index a3b8ef07d5..37cc60e258 100644
--- a/docs/releases/1.4-beta-1.txt
+++ b/docs/releases/1.4-beta-1.txt
@@ -197,6 +197,13 @@ Django 1.4 introduces a new cookie-based backend for the session framework
which uses the tools for :doc:`cryptographic signing </topics/signing>` to
store the session data in the client's browser.
+.. warning::
+
+ Session data is signed and validated by the server, but is not
+ encrypted. This means that a user can view any data stored in the
+ session, but cannot change it. Please read the documentation for
+ further clarification before using this backend.
+
See the :ref:`cookie-based session backend <cookie-session-backend>` docs for
more information.
diff --git a/docs/releases/1.4.txt b/docs/releases/1.4.txt
index 1932b94fca..c55d6654c6 100644
--- a/docs/releases/1.4.txt
+++ b/docs/releases/1.4.txt
@@ -171,6 +171,14 @@ Django 1.4 introduces a cookie-based session backend that uses the tools for
:doc:`cryptographic signing </topics/signing>` to store the session data in
the client's browser.
++.. warning::
++
++ Session data is signed and validated by the server, but is not
++ encrypted. This means that a user can view any data stored in the
++ session, but cannot change it. Please read the documentation for
++ further clarification before using this backend.
++
+
See the :ref:`cookie-based session backend <cookie-session-backend>` docs for
more information.