Update upgrading_ruby_on_rails.md

Added note that without a cookie rotator, user sessions could be invalidated during the upgrade. This recently happened to us.

Author: rajivraman

guides/source/upgrading_ruby_on_rails.md

@@ -416,14 +416,15 @@ request.content_type #=> "text/csv; header=present; charset=utf-16"
 request.media_type   #=> "text/csv"
 ```
 
-### Key generator digest class changing to use SHA256
+### Key generator digest class change requires a cookie rotator
 
 The default digest class for the key generator is changing from SHA1 to SHA256.
 This has consequences in any encrypted message generated by Rails, including
 encrypted cookies.
 
 In order to be able to read messages using the old digest class it is necessary
-to register a rotator.
+to register a rotator. Failing to do so may result in users having their sessions
+invalidated during the upgrade.
 
 The following is an example for rotator for the encrypted and the signed cookies.