codeigniter - In order to use the Session class you are required to set an encryption key in your config file

Question

I am in the process of upgrading codeigniter from 1.7.2 to 2.0.1.

Everything seems to have gone ok except I get

In order to use the Session class you are required to set an encryption key in your config file.

What is the change in 2.0.0/2.0.1 that has caused this?

What change do I need to make to fix this.

Will making said change break anything?

Answer 1

ohai again https://www.codeigniter.com/user_guide/libraries/encryption.html :D

The reason they ask for an encryption key is security (obviously)

Note: Even if you are not using encrypted sessions, you must set an encryption key in your config file which is used to aid in preventing session data manipulation. - source: https://www.codeigniter.com/user_guide/libraries/sessions.html

This modification won't break your code. But be careful when updating from 1.7.2 to 2.0.1. I suggest you to backup your code :)

BTW they added this security improvement with the 2.0.0 version of CI. I don't know why they don't mention it in their upgrade guide though :(