id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
5760	Use keyed hashing for session data, remove duplicate code	Nir Soffer <nirs@…>	nobody	"Use hmac instead of md5 to create a digest of session data. Using hmac is probably more secure than the home built md5 implementation. Also, the current implementation uses hexdigest() when digest() is just fine.

While replacing the hash, extract the digest code to a new function to remove duplicate code.

Issues:
 - Old session will be invalidated with this patch"		closed	contrib.sessions	0.96		wontfix			Unreviewed	1	0	0	0	0	0