From ab579e223f7a719acd4dd2c5ddeeb70953bec0e7 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Tue, 10 Dec 2013 14:51:20 -0500
Subject: add note about non-bw-compat between SignedCookieSessionFactory and
 UnencryptedCookieSessionFactory.  Ref #1200.

---
 CHANGES.txt        | 12 +++++++-----
 pyramid/session.py |  9 ++++++++-
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 0508abc61..7e044bf0d 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -35,11 +35,13 @@ Features
   See https://github.com/Pylons/pyramid/pull/1149
 
 - Added a new ``SignedCookieSessionFactory`` which is very similar to the
-  ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on
-  signing content. The custom serializer arguments to this function should
-  only focus on serializing, unlike its predecessor which required the
-  serializer to also perform signing.
-  See https://github.com/Pylons/pyramid/pull/1142
+  ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on signing
+  content. The custom serializer arguments to this function should only focus
+  on serializing, unlike its predecessor which required the serializer to also
+  perform signing.  See https://github.com/Pylons/pyramid/pull/1142 .  Note
+  that cookies generated using ``SignedCookieSessionFactory`` are not
+  compatible with cookies generated using ``UnencryptedCookieSessionFactory``,
+  so existing user session data will be destroyed if you switch to it.
 
 - Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie
   factory that can be used by framework implementors to create their own
diff --git a/pyramid/session.py b/pyramid/session.py
index c9d738b9c..8c9900975 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -382,6 +382,10 @@ def UnencryptedCookieSessionFactoryConfig(
     """
     .. deprecated:: 1.5
        Use :func:`pyramid.session.SignedCookieSessionFactory` instead.
+       Caveat: Cookies generated using ``SignedCookieSessionFactory`` are not
+       compatible with cookies generated using
+       ``UnencryptedCookieSessionFactory``, so existing user session data will
+       be destroyed if you switch to it.
     
     Configure a :term:`session factory` which will provide unencrypted
     (but signed) cookie-based sessions.  The return value of this
@@ -466,7 +470,10 @@ def UnencryptedCookieSessionFactoryConfig(
 deprecated(
     'UnencryptedCookieSessionFactoryConfig',
     'The UnencryptedCookieSessionFactoryConfig callable is deprecated as of '
-    'Pyramid 1.5.  Use ``pyramid.session.SignedCookieSessionFactory`` instead.'
+    'Pyramid 1.5.  Use ``pyramid.session.SignedCookieSessionFactory`` instead. '
+    'Caveat: Cookies generated using SignedCookieSessionFactory are not '
+    'compatible with cookies generated using UnencryptedCookieSessionFactory, '
+    'so existing user session data will be destroyed if you switch to it.'
     )
 
 def SignedCookieSessionFactory(
-- 
cgit v1.2.3