Translations:Manual:$wgAuthenticationTokenVersion/9/en


 * if an attacker has obtained the raw token value from the database, and knows the value of $AuthenticationTokenVersion, they can always calculate the cookie value.