Do not rely on cookie path for session riding

Change-Id: Ib285a797485ec3180cb9dad0ade556078456073c
diff --git a/Changes b/Changes
index f91d5d9..7b57cfb 100644
--- a/Changes
+++ b/Changes
@@ -2,6 +2,7 @@
     - Change default api port to 443.
     - Update dependency of logback-classic.
     - Add warning regarding protected data.
+    - Do not rely on cookie path for session riding.
 
       This fixes a security issue! Please update!