Added an explicit warning about cookie session store to release notes.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17529 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
ea8af819ab
commit
c05930c858
|
@ -197,6 +197,13 @@ Django 1.4 introduces a new cookie-based backend for the session framework
|
|||
which uses the tools for :doc:`cryptographic signing </topics/signing>` to
|
||||
store the session data in the client's browser.
|
||||
|
||||
.. warning::
|
||||
|
||||
Session data is signed and validated by the server, but is not
|
||||
encrypted. This means that a user can view any data stored in the
|
||||
session, but cannot change it. Please read the documentation for
|
||||
further clarification before using this backend.
|
||||
|
||||
See the :ref:`cookie-based session backend <cookie-session-backend>` docs for
|
||||
more information.
|
||||
|
||||
|
|
|
@ -171,6 +171,14 @@ Django 1.4 introduces a cookie-based session backend that uses the tools for
|
|||
:doc:`cryptographic signing </topics/signing>` to store the session data in
|
||||
the client's browser.
|
||||
|
||||
+.. warning::
|
||||
+
|
||||
+ Session data is signed and validated by the server, but is not
|
||||
+ encrypted. This means that a user can view any data stored in the
|
||||
+ session, but cannot change it. Please read the documentation for
|
||||
+ further clarification before using this backend.
|
||||
+
|
||||
|
||||
See the :ref:`cookie-based session backend <cookie-session-backend>` docs for
|
||||
more information.
|
||||
|
||||
|
|
Loading…
Reference in New Issue