1 Revision history for Perl extension Catalyst::Plugin::Session
4 - Add the a change_session_id method which can be called after
5 authentication to change the user's session cookie whilst preserving
6 their session data. This can be used to provide protection from
7 Session Fixation attacks. (kmx)
10 - Be more paranoid about getting values of $c->req to avoid issues
11 with old Test::WWW::Mechanize::Catalyst.
12 - Check we have a modern version of TWMC before doing the tests which
16 - Add the verify_user_agent config parameter (kmx)
17 - Add a test case to prove that logging in with a session cookie still
18 causes a new cookie to be issued for you, proving that the code is
19 not vulnerable to a session fixation attack. (t0m)
22 - INSANE HACK to ensure B::Hooks::EndOfScope inlines us a new method right now
23 in Catalyst::Plugin::Session::Test::Store for Catalyst 5.80004 compatibility.
25 This change does not in any way affect normal users - it is just due to the
26 fairly crazy way that Catalyst::Plugin::Session::Test::Store works, and that
27 module is _only_ used for unit testing session store plugins pre-installation.
29 Session::Test::Store should be replaced with a more sane solution, and other
30 CPAN modules using it moved away from using it, but this change keeps stops
31 new Catalyst breaking other distributions right now.
34 - Hide the internal packages in Catalyst::Plugin::Session::Test::Store from PAUSE.
35 - Convert from CAF to Moose with Moosex::Emulate::Class::Accessor::Fast
38 - No code changes since 0.19_01 dev release.
39 - Add IDEAS.txt which is an irc log of discussion about the next-generation
40 session plugin from discussion on #catalyst-dev
41 - Remove TODO file, which is no longer relevant.
44 - Switch from using NEXT to Class::C3 for method re-dispatch.
45 - Use shipit to package the dist.
46 - Switch to Module::install.
47 - Flash data is now stored inside the session (key "__flash") to avoid
48 duplicate entry errors caused by simultaneous select/insert/delete of
49 flash rows when using DBI as a Store. (Sergio Salvi)
50 - Fix session finalization order that caused HTTP responses to be sent
51 before the session is actually finalized and stored in its Store.
57 - Fix Apache engine issue (RT #28845)
60 - Skip a test if Cookie is not installed (RT #28137)
66 - Fix the bug that caused sessions to expire immediately when another
67 session was deleted previously in the same request cycle
68 - Changed finalize() to redispatch before saving session
69 so other finalize methods still have access to it.
72 - Disable verify_address.
73 - update flash to work like session
76 - Rerelease with slightly changed test due to a behavior change in
79 - improve debug logging
82 - refactor out a hookable finalize_session method, for plugins
83 - make _clear_session_instance_data call NEXT::, so that plugins can
87 - Lazify expiry calculation and store it in a different instance data
88 slot. This provides greater flexibility for implementing hooks like
89 DynamicExpiry the "right" way.
92 - Implement a more well defined finalization order for Session stuff.
93 This solves a problem that was introduced by some value cleanups in
97 - Fix Catalyst::Plugin::Session::Test::Store
100 - rerelease because Module::Bane broke the META.yml. HURAAH
103 - Make build tool complain loudly on incompatible versions of state
107 - Change State plugin API to be pull oriented
108 - Lazify more correctly (mostly performance improvements)
109 - Don't try to compute digest of hash when there is no hash
112 - Un-workaround the Cache::FastMmap (actually Storable) limitation -
113 it's not C::P::Session's business.
114 - add $c->session_expires
116 - improve semantics of session deletion (now deletes flash data too)
117 - improve lazy-load-ness of session data in the light of expiration
119 0.04 2005-12-28 09:42:00
120 - Work around a limitation in Cache::FastMmap - must store only
121 references, while expiration was an NV.
123 0.03 2005-12-26 10:22:00
124 - Lazify loading of session data for better performance and less chance
126 - support for $c->flash a la Ruby on Rails
127 - Fixed bug in sessionid algorithm detection.
128 - Separate __expires from the session data - we write it every time
129 - Lazify saving of session data for better performance and less chance
132 0.02 2005-11-23 09:40:00
134 - No more -Engine=Test
136 0.01 2005-11-14 12:41:00