Steps to reproduce:
- You need an old installation with IDs from distributed monitoring or any configid != 1
CEncryptHelper::updateKey() has "dbConditionInt('configid', )" as condition. So the update query to the DB doesn't do anything and session_key will never be set. Resulting in a failing cookie signature validation.
All users will be downgraded to the guest user.
"dynamic" configid condition, so session_key will be set if it's empty.