[eluser]xjohnson[/eluser]
Hi, All -
One of the features I like in CI v1.7.3 is being able to encrypt cookie data by simply turning a 'FALSE' setting into a 'TRUE' setting in the config.php file. However, this ease seems to be slightly more complicated with the CI v2.0.2 I just upgraded to. Whether or not I choose to encrypt cookie data, I'm required to provide some sort of "encryption key" in the config.php file.
But, I'm not sure why. What should be used as an encryption key? - any old series of random string of characters? Why can't CI v2.0.2 just encrypt data as it has in the past? If the idea is to provide two-way encryption, then under what conditions would someone want to do that? .... In a nutshell, what is the philosophy behind this requirement?
Thanks in advance.
Warm Regards
