view release on metacpan or  search on metacpan

Changes  view on Meta::CPAN

   - remove Apache2::AuthCookie::Util - no longer necessary
   - multi-valued form fields are now handled properly in POST -> GET conversion
   - MP2: require CGI.pm 3.12 or later

Version: 3.08
   - fix "authorize user" error log that was missing a debug level check
     (thanks Barry)
   - fix test cases 3, 6, 18 for Win32
   - clean up t/real.t

Version: 3.07
 *** mod_perl2 users: THIS RELEASE IS INCOMPATIBLE WITH PAST RELEASES    ***
 *** If you are running mod_perl2, you must update to at least           ***
 *** mod_perl 2.0.0 RC5.  The mod_perl2 version of AuthCookie has been   ***
 *** renamed to Apache2::AuthCookie                                      ***
  ** MP2: RENAME AuthCookie.pm.mp2 to Apache2::AuthCookie.
   - MP2: Update module, and tests for mod_perl 2.0.0 RC5.  mod_perl2 users
     MUST use Apache2::AuthCookie now.
   - Require Apache::Test 1.22
   - Add support for ${auth_name}SessionTimeout configuration paramter
     which will re-issue the ticket with the expires parameter set to the
     value of this configuration setting for each request.  This is useful for
     idle-timeout.
   - POD fixes.
   - MP2: fix uninitialized warnings if no POST/GET data (RT 11371)
   - make sure recognize_user() returns an Apache constant in all cases.
     Returns DECLINED in cases where we were returning undef before.
     (Thanks Vivek)
   - Add support for MS HttpOnly cookie property.

Version: 3.06
  ** BUG FIX: AuthNameSatisfy (Any|All) directives were broken. AuthCookie
     was using AuthCookieSatisfy rather than ${auth_name}Satisfy.  If you
     used this feature and had an "AuthCookieSatisfy" directive in your
     config file, you MUST change this to ${auth_name}Satisfy.
     E.g.: "WhateverSatisfy All"
   - created better test cases for AuthNameSatisfy directives.
   - when redirecting, set Location with headers_out() not err_headers_out().
     apache prefers Location in headers_out, even if the status code is not
     200.
   - MP2: Apache::unescape_url() -> Apache::URI::unescape_url()
   - check for mod_perl 1.9913 or later for Apache::URI (Frederick Moyer)
   - Remove set status in login.pl which caused malformed custom error
     document (Frederick Moyer)
   - Add support for ${auth_name}CookieName to change the name of the cookie
     used for each auth name.  Default remains ${auth_name}_${auth_type} if
     not set.
   - make some debug log_error() calls conditional on $debug

Version: 3.05
   - Fix POD documentation bug (thanks Steve van der Burg)
   - login(): set Location header with err_headers_out rather than headers_out
     (Casey West)
   - put cookie removal code in remove_cookie() method, put cache handling
     code in handle_cache() (Mark A. Hershberger)
   - reorganized tree to support multiple mod_perl versions.
   - rewrote tests to use Apache::Test framework from CPAN.
   - fix POD errors in authorize() documentation.
   - initial support for mod_perl version 2
   - mp2: check for Apache::RequestRec arg so that unported subclasses
     throw exceptions.

Version: 3.04
   - add _convert_to_get() to login_form(), and make POST -> GET conversion
     skip credentials and destination data so only extra data is copied. This 
     ensures that "destination" wont contain the login data.

Version: 3.03
   - various POD typos fixed (Eric Cholet)
   - Add support for ${AuthName}P3P which will set up a P3P header that will
     be sent with the cookie.
   - fix undefined warning in _convert_to_get (David K Trudgett)
   - fix potential cookie clobbering if cookie was set in earlier handler
     phase in send_cookie() (Carlyn Hicks).
   - various undefined value warnings eliminated

Version: 3.02
   - Add support for AuthNameSatisfy directive (can be Any/All, default: Any)
   - Move cookie path setting into get_cookie_path() so that users can
     overload this function if they desire (Thanks Raj Chandran)
   - POST -> GET conversion was broken (r->content called twice). Fixed.

Version: 3.01
   - adopted support for custom_errors() hook from michael@bizsystems.com.
   - Fixed incorrect documentation in authorize() (thanks to David Young).
   - login() handler changes:
       o if "destination" isnt in posted data, set AuthCookieReason to 
         no_cookie and return to login_form (previously just returned
         SERVER_ERROR).
       o if authen_cred() returns false, set AuthCookieReason to
         bad_credentials and return to the login form.
       o try to handle POST -> GET conversion.
   - CGI::Util dependency removed (these are internal subroutines for CGI.pm)
   - ${AuthName}Path will default to "/" if it is not specified (MSIE 6.0
     wont set cookies without path)
   - fix login() handler change so that destination doesnt get lost on
     subsequent login attempts (thanks Phillip Molter)

Version: 3.00
   - New maintiner: Michael Schout <mschout@gkg.net>
   - changed to hard coded $VERSION rather than RCS Revision style.
   - Revamped testing code to use Apache::test (with minor mods).
   - Added support for ${AuthName}Expires parameter that can be used
     to make your cookie persistent.
   - CGI::Util is now used for parsing the "Expires" parameter. If you are 
     missing this package, you probably need to upgrade your CGI.pm package.

Version: 2.011  Date: 2000/06/17 08:01:19
   Several people have requested a mechanism for the login script to be
   able to tell the difference between a failed login and a first attempt
   at a login.  Typically one can figure this out by whether a cookie has
   been sent or not, so I've put some information to that effect in
   $r->prev->subprocess_env().  See the login script docs for specifics.
   
   I also cleaned up the documentation for the login script.


Version: 2.010  Date: 2000/06/17 01:37:16
   (merged changes from sub-releases into main CVS branch.  Been living
   in CVS hell.  My CVS-hubris got the better of me, tried to do things
   with tags & soforth and wound up severely confused.  Thus the version