1 Revision history for Perl extension Catalyst::Plugin::Session
4 - Remove Test::MockObject from the test suite as it is full of fail.
7 - Add the a change_session_id method which can be called after
8 authentication to change the user's session cookie whilst preserving
9 their session data. This can be used to provide protection from
10 Session Fixation attacks. (kmx)
13 - Be more paranoid about getting values of $c->req to avoid issues
14 with old Test::WWW::Mechanize::Catalyst.
15 - Check we have a modern version of TWMC before doing the tests which
19 - Add the verify_user_agent config parameter (kmx)
20 - Add a test case to prove that logging in with a session cookie still
21 causes a new cookie to be issued for you, proving that the code is
22 not vulnerable to a session fixation attack. (t0m)
25 - INSANE HACK to ensure B::Hooks::EndOfScope inlines us a new method right now
26 in Catalyst::Plugin::Session::Test::Store for Catalyst 5.80004 compatibility.
28 This change does not in any way affect normal users - it is just due to the
29 fairly crazy way that Catalyst::Plugin::Session::Test::Store works, and that
30 module is _only_ used for unit testing session store plugins pre-installation.
32 Session::Test::Store should be replaced with a more sane solution, and other
33 CPAN modules using it moved away from using it, but this change keeps stops
34 new Catalyst breaking other distributions right now.
37 - Hide the internal packages in Catalyst::Plugin::Session::Test::Store from PAUSE.
38 - Convert from CAF to Moose with Moosex::Emulate::Class::Accessor::Fast
41 - No code changes since 0.19_01 dev release.
42 - Add IDEAS.txt which is an irc log of discussion about the next-generation
43 session plugin from discussion on #catalyst-dev
44 - Remove TODO file, which is no longer relevant.
47 - Switch from using NEXT to Class::C3 for method re-dispatch.
48 - Use shipit to package the dist.
49 - Switch to Module::install.
50 - Flash data is now stored inside the session (key "__flash") to avoid
51 duplicate entry errors caused by simultaneous select/insert/delete of
52 flash rows when using DBI as a Store. (Sergio Salvi)
53 - Fix session finalization order that caused HTTP responses to be sent
54 before the session is actually finalized and stored in its Store.
60 - Fix Apache engine issue (RT #28845)
63 - Skip a test if Cookie is not installed (RT #28137)
69 - Fix the bug that caused sessions to expire immediately when another
70 session was deleted previously in the same request cycle
71 - Changed finalize() to redispatch before saving session
72 so other finalize methods still have access to it.
75 - Disable verify_address.
76 - update flash to work like session
79 - Rerelease with slightly changed test due to a behavior change in
82 - improve debug logging
85 - refactor out a hookable finalize_session method, for plugins
86 - make _clear_session_instance_data call NEXT::, so that plugins can
90 - Lazify expiry calculation and store it in a different instance data
91 slot. This provides greater flexibility for implementing hooks like
92 DynamicExpiry the "right" way.
95 - Implement a more well defined finalization order for Session stuff.
96 This solves a problem that was introduced by some value cleanups in
100 - Fix Catalyst::Plugin::Session::Test::Store
103 - rerelease because Module::Bane broke the META.yml. HURAAH
106 - Make build tool complain loudly on incompatible versions of state
110 - Change State plugin API to be pull oriented
111 - Lazify more correctly (mostly performance improvements)
112 - Don't try to compute digest of hash when there is no hash
115 - Un-workaround the Cache::FastMmap (actually Storable) limitation -
116 it's not C::P::Session's business.
117 - add $c->session_expires
119 - improve semantics of session deletion (now deletes flash data too)
120 - improve lazy-load-ness of session data in the light of expiration
122 0.04 2005-12-28 09:42:00
123 - Work around a limitation in Cache::FastMmap - must store only
124 references, while expiration was an NV.
126 0.03 2005-12-26 10:22:00
127 - Lazify loading of session data for better performance and less chance
129 - support for $c->flash a la Ruby on Rails
130 - Fixed bug in sessionid algorithm detection.
131 - Separate __expires from the session data - we write it every time
132 - Lazify saving of session data for better performance and less chance
135 0.02 2005-11-23 09:40:00
137 - No more -Engine=Test
139 0.01 2005-11-14 12:41:00