that hash is bcrypted. Bcrypted hashes are stored in a new column on
users. This separate column is only to allow for rollbacks,
eventually the old SHA1 hash column will be removed. Sensitive cookie
details are now encrypted to prevent user tampering and more stringent
checks on secret_token and session_secret_key are enforced.
