id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 5760 Use keyed hashing for session data, remove duplicate code Nir Soffer nobody "Use hmac instead of md5 to create a digest of session data. Using hmac is probably more secure than the home built md5 implementation. Also, the current implementation uses hexdigest() when digest() is just fine. While replacing the hash, extract the digest code to a new function to remove duplicate code. Issues: - Old session will be invalidated with this patch" closed contrib.sessions 0.96 wontfix Unreviewed 1 0 0 0 0 0