[eluser]Icehawg[/eluser]
Doing some debugging, I wanted to check what was stored in my session. So I dumped out the contents of
$this->session and saw all my settings from config - database including my database userid and password. I scoured the user guide, again, and did some google searching, to see if I missed a step in my setup that would block out db info but didn't see anything.
Have I made a mistake somewhere or is the db password config option supposed to be available in clear text in the session variable?
(I have already changed my files to use mcrypt in my config file and db driver class so my password is no longer visible in the session variable, but, I would like to know if I have humped something up somewhere so I can roll back the changes I have made to a core file.)
Thanks.
Note : I am using database sessions with encryption.
