Commit | Line | Data |
a552e4b5 |
1 | Revision history for Perl extension Catalyst::Plugin::Session |
2 | |
d4e3f644 |
3 | 0.41 2018-12-05 |
4 | - Don't let an evil session ID supplier have an easy XSS vector (Michael McClimon++) |
5 | |
2790acd4 |
6 | 0.40 2015-01-26 |
7 | - Add a flag so that a storage can finalize during finalize_header rather |
8 | than finalize_body. This is to enable storages that need to write to the |
9 | HTTP header (such as the cookie based store). |
10 | |
2656f7b8 |
11 | 0.39 2013-10-16 |
7b420171 |
12 | - Fixed a bug when "expiry_threshold" is non-zero, where changes to the |
13 | session were not saved. |
14 | |
9cfd00b3 |
15 | 0.38 2013-09-18 |
16 | - New feature: "expiry_threshold" which allows you more control over when |
17 | this plugin checks and updates the expiration date for the session. |
18 | This is useful when you have high traffic and need to reduce the number |
19 | of session expiration hits (like if you are using a database for sessions |
20 | and your db is getting pounded). |
21 | |
06d0ceb7 |
22 | 0.37 2013-02-25 |
d681594f |
23 | - Fix t/live_verify_address.t to skip if Catalyst::Plugin::Authentication |
d7cb2327 |
24 | is not installed, fixing RT#81506. |
25 | |
e7e91d88 |
26 | 0.36 2012-10-19 |
27 | - Re-pack with new Module::Install which doesn't get |
28 | MYMETA.yaml wrong. |
29 | - Remove use of Plack::Middleware::ForceEnv from the tests |
df76da4a |
30 | as it was not used / needed |
31 | |
a3dc40ab |
32 | 0.35 2012-04-24 |
221e3f29 |
33 | - Implement a 'change_session_expires' method (gshank) |
34 | |
35 | - Fixed bug from last version where session does not persist |
36 | across a redirect |
a2e23c04 |
37 | |
f2993f24 |
38 | 0.34 2012-03-30 |
39 | - Fixed up t/live_verify_address.t per https://rt.cpan.org/Ticket/Display.html?id=71142 |
76b677b4 |
40 | - Merged in dpetrov's 0.32 changes (extend_session_expire) |
f2993f24 |
41 | |
ad3142b4 |
42 | 0.33 2012-03-08 |
43 | - Note that flash is deprecated / not recommended due to it's |
44 | inherent races. Point out Catalyst::Plugin::StatusMessage instead |
45 | |
b212d3b2 |
46 | 0.32 2011-06-08 |
47 | - Fix handling with enables verify_address and add related test |
48 | |
f4f73302 |
49 | 0.31 2010-10-08 |
834ab0b8 |
50 | - Fix session being loaded by call to dump_these in debug mode |
51 | (RT#58856) |
52 | |
5d56ebde |
53 | 0.30 2010-06-24 |
c0430ac1 |
54 | - Fix Makefile.PL's is_upgrading_needed() routine (RT #58771) |
55 | |
382d6092 |
56 | 0.29 2009-11-04 |
e8ce5753 |
57 | - Fix session being deleted when you have a new session after session |
58 | expiry when calling session_is_valid method. Tests for this. |
bb5f369a |
59 | - Allow ->session to be used as a setter method so that you can say |
60 | ->session( key => $value ); |
61 | |
836b0a11 |
62 | 0.28 2009-10-29 |
63 | - Fix session fixation test with LWP 5.833 by calling $cookie_jar->set_cookie |
64 | rather than manually stuffing the cookie in the request. |
65 | |
1c4a1a43 |
66 | 0.27 2009-10-08 |
67 | - Release 0.26_01 as stable without further changes. |
68 | |
9a50355f |
69 | 0.26_01 2009-10-06 |
064c3709 |
70 | - Move actions out of the root application class in tests as this |
71 | is deprecated. |
72 | - Change configuration key to 'Plugin::Session' by default. The |
73 | old 'session' key is still supported, but will issue a warning |
74 | in a future release. |
75 | |
a4bd5693 |
76 | 0.26 2009-08-19 |
6945eb54 |
77 | - Remove Test::MockObject from the test suite as prone to failing on |
78 | some platforms and perl versions due to it's UNIVERSAL:: package |
79 | dependencies. |
a4bd5693 |
80 | |
81 | 0.25 2009-07-08 |
af1e4bc8 |
82 | - Add the a change_session_id method which can be called after |
83 | authentication to change the user's session cookie whilst preserving |
84 | their session data. This can be used to provide protection from |
85 | Session Fixation attacks. (kmx) |
86 | |
f8f81744 |
87 | 0.24 2009-06-23 |
88 | - Be more paranoid about getting values of $c->req to avoid issues |
89 | with old Test::WWW::Mechanize::Catalyst. |
90 | - Check we have a modern version of TWMC before doing the tests which |
91 | need it. |
92 | |
e79a686c |
93 | 0.23 2009-06-16 |
b97042c0 |
94 | - Add the verify_user_agent config parameter (kmx) |
1c4a1a43 |
95 | - Add a test case to prove that logging in with a session cookie still |
b97042c0 |
96 | causes a new cookie to be issued for you, proving that the code is |
97 | not vulnerable to a session fixation attack. (t0m) |
73d1f3a2 |
98 | |
3253438d |
99 | 0.22 2009-05-13 |
100 | - INSANE HACK to ensure B::Hooks::EndOfScope inlines us a new method right now |
1c4a1a43 |
101 | in Catalyst::Plugin::Session::Test::Store for Catalyst 5.80004 compatibility. |
3253438d |
102 | |
103 | This change does not in any way affect normal users - it is just due to the |
104 | fairly crazy way that Catalyst::Plugin::Session::Test::Store works, and that |
105 | module is _only_ used for unit testing session store plugins pre-installation. |
106 | |
107 | Session::Test::Store should be replaced with a more sane solution, and other |
108 | CPAN modules using it moved away from using it, but this change keeps stops |
109 | new Catalyst breaking other distributions right now. |
110 | |
eee1173f |
111 | 0.21 2009-04-30 |
66017cbc |
112 | - Hide the internal packages in Catalyst::Plugin::Session::Test::Store from PAUSE. |
fff59d60 |
113 | - Convert from CAF to Moose with Moosex::Emulate::Class::Accessor::Fast |
66017cbc |
114 | |
87ed5295 |
115 | 0.20 2009-02-05 |
116 | - No code changes since 0.19_01 dev release. |
117 | - Add IDEAS.txt which is an irc log of discussion about the next-generation |
118 | session plugin from discussion on #catalyst-dev |
119 | - Remove TODO file, which is no longer relevant. |
120 | |
2842d938 |
121 | 0.19_01 2009-01-09 |
7550f095 |
122 | - Switch from using NEXT to Class::C3 for method re-dispatch. |
123 | - Use shipit to package the dist. |
124 | - Switch to Module::install. |
eb250519 |
125 | - Flash data is now stored inside the session (key "__flash") to avoid |
126 | duplicate entry errors caused by simultaneous select/insert/delete of |
2842d938 |
127 | flash rows when using DBI as a Store. (Sergio Salvi) |
128 | - Fix session finalization order that caused HTTP responses to be sent |
129 | before the session is actually finalized and stored in its Store. |
130 | (Sergio Salvi) |
7048c24e |
131 | |
132 | 0.19 2007-10-08 |
133 | |
e3496e48 |
134 | 0.18 2007-08-15 |
135 | - Fix Apache engine issue (RT #28845) |
c4dc7ba9 |
136 | |
e3496e48 |
137 | 0.17 2007-07-16 |
138 | - Skip a test if Cookie is not installed (RT #28137) |
c48f1a4e |
139 | |
e3496e48 |
140 | 0.16 2007-07-03 |
bcdad401 |
141 | - Stupid makefile |
142 | |
e3496e48 |
143 | 0.15 2007-06-24 |
38761943 |
144 | - Fix the bug that caused sessions to expire immediately when another |
145 | session was deleted previously in the same request cycle |
84f65b2e |
146 | - Changed finalize() to redispatch before saving session |
147 | so other finalize methods still have access to it. |
38761943 |
148 | |
e3496e48 |
149 | 0.14 2007-01-31 |
86553855 |
150 | - Disable verify_address. |
151 | - update flash to work like session |
152 | |
e3496e48 |
153 | 0.13 2006-10-12 |
177c24fe |
154 | - Rerelease with slightly changed test due to a behavior change in |
155 | Test::MockObject |
5a1f6ed4 |
156 | - add `clear_flash` |
49727697 |
157 | - improve debug logging |
158 | |
e3496e48 |
159 | 0.12 2006-08-26 |
8f236527 |
160 | - refactor out a hookable finalize_session method, for plugins |
161 | - make _clear_session_instance_data call NEXT::, so that plugins can |
162 | hook on to that too |
163 | |
e3496e48 |
164 | 0.11 2006-08-10 |
260b14c4 |
165 | - Lazify expiry calculation and store it in a different instance data |
166 | slot. This provides greater flexibility for implementing hooks like |
167 | DynamicExpiry the "right" way. |
168 | |
e3496e48 |
169 | 0.10 2006-08-01 |
23a2bf16 |
170 | - Implement a more well defined finalization order for Session stuff. |
171 | This solves a problem that was introduced by some value cleanups in |
172 | the 0.06 release. |
173 | |
e3496e48 |
174 | 0.09 2006-07-31 |
ec299c02 |
175 | - Fix Catalyst::Plugin::Session::Test::Store |
176 | |
e3496e48 |
177 | 0.08 2006-07-31 |
ec270ef0 |
178 | - rerelease because Module::Bane broke the META.yml. HURAAH |
179 | |
e3496e48 |
180 | 0.07 2006-07-30 |
340449a2 |
181 | - Make build tool complain loudly on incompatible versions of state |
182 | plugins. |
183 | |
e3496e48 |
184 | 0.06 2006-07-29 |
6f327a6c |
185 | - Change State plugin API to be pull oriented |
186 | - Lazify more correctly (mostly performance improvements) |
187 | - Don't try to compute digest of hash when there is no hash |
bab8b74b |
188 | |
e3496e48 |
189 | 0.05 2006-01-01 |
7db1c46a |
190 | - Un-workaround the Cache::FastMmap (actually Storable) limitation - |
191 | it's not C::P::Session's business. |
192 | - add $c->session_expires |
193 | - refactor guts |
194 | - improve semantics of session deletion (now deletes flash data too) |
195 | - improve lazy-load-ness of session data in the light of expiration |
196 | |
7a02371f |
197 | 0.04 2005-12-28 09:42:00 |
198 | - Work around a limitation in Cache::FastMmap - must store only |
199 | references, while expiration was an NV. |
200 | |
201 | 0.03 2005-12-26 10:22:00 |
a552e4b5 |
202 | - Lazify loading of session data for better performance and less chance |
203 | of race conditions |
9b0fa2a6 |
204 | - support for $c->flash a la Ruby on Rails |
5faaa4b0 |
205 | - Fixed bug in sessionid algorithm detection. |
4207ce8d |
206 | - Separate __expires from the session data - we write it every time |
207 | - Lazify saving of session data for better performance and less chance |
208 | of race conditions |
a552e4b5 |
209 | |
5faaa4b0 |
210 | 0.02 2005-11-23 09:40:00 |
a552e4b5 |
211 | - Doc fixes |
212 | - No more -Engine=Test |
213 | |
5faaa4b0 |
214 | 0.01 2005-11-14 12:41:00 |
a552e4b5 |
215 | - Initial release. |