Revision history for Perl extension Catalyst::Plugin::Session
+0.41 2018-12-05
+ - Don't let an evil session ID supplier have an easy XSS vector (Michael McClimon++)
+
+0.40 2015-01-26
+ - Add a flag so that a storage can finalize during finalize_header rather
+ than finalize_body. This is to enable storages that need to write to the
+ HTTP header (such as the cookie based store).
+
+0.39 2013-10-16
+ - Fixed a bug when "expiry_threshold" is non-zero, where changes to the
+ session were not saved.
+
+0.38 2013-09-18
+ - New feature: "expiry_threshold" which allows you more control over when
+ this plugin checks and updates the expiration date for the session.
+ This is useful when you have high traffic and need to reduce the number
+ of session expiration hits (like if you are using a database for sessions
+ and your db is getting pounded).
+
+0.37 2013-02-25
+ - Fix t/live_verify_address.t to skip if Catalyst::Plugin::Authentication
+ is not installed, fixing RT#81506.
+
+0.36 2012-10-19
+ - Re-pack with new Module::Install which doesn't get
+ MYMETA.yaml wrong.
+ - Remove use of Plack::Middleware::ForceEnv from the tests
+ as it was not used / needed
+
+0.35 2012-04-24
+ - Implement a 'change_session_expires' method (gshank)
+
+ - Fixed bug from last version where session does not persist
+ across a redirect
+
+0.34 2012-03-30
+ - Fixed up t/live_verify_address.t per https://rt.cpan.org/Ticket/Display.html?id=71142
+ - Merged in dpetrov's 0.32 changes (extend_session_expire)
+
+0.33 2012-03-08
+ - Note that flash is deprecated / not recommended due to it's
+ inherent races. Point out Catalyst::Plugin::StatusMessage instead
+
+0.32 2011-06-08
+ - Fix handling with enables verify_address and add related test
+
+0.31 2010-10-08
+ - Fix session being loaded by call to dump_these in debug mode
+ (RT#58856)
+
+0.30 2010-06-24
+ - Fix Makefile.PL's is_upgrading_needed() routine (RT #58771)
+
+0.29 2009-11-04
+ - Fix session being deleted when you have a new session after session
+ expiry when calling session_is_valid method. Tests for this.
+ - Allow ->session to be used as a setter method so that you can say
+ ->session( key => $value );
+
+0.28 2009-10-29
+ - Fix session fixation test with LWP 5.833 by calling $cookie_jar->set_cookie
+ rather than manually stuffing the cookie in the request.
+
0.27 2009-10-08
- Release 0.26_01 as stable without further changes.