Revision history for Perl extension HTTP-Session2
1.10 2018-01-26T05:01:07Z
- Validate session ID
1.09 2014-09-01T02:22:09Z
- Catch the exception thrown from deserializer.
(songmu++)
1.08 2014-08-03T07:21:44Z
[INCOMPATIBLE CHANGE]
- ClientStore2: Encrypt sig, too.
This change is not compatible with previous version.
1.07 2014-08-01T14:06:49Z
[BROKEN. YOU SHOULDN't USE THIS VERSION]
- Fixed deps
1.06 2014-08-01T14:00:33Z
[BROKEN. YOU SHOULDN't USE THIS VERSION]
[BUG FIX]
- Random string generator doesn't works if /dev/urandom is not available.
This issue was introduced at 1.02.
1.05 2014-08-01T11:20:13Z
[BROKEN. YOU SHOULDN't USE THIS VERSION]
- Show warnings if the secret string is too short.
1.04 2014-08-01T11:09:52Z
[BROKEN. YOU SHOULDN't USE THIS VERSION]
- Documentation updated.
1.03 2014-08-01T11:03:19Z
[BROKEN. YOU SHOULDN't USE THIS VERSION]
- Added HTTP::Session2::ClientStore2
1.02 2014-07-31T21:14:50Z
- Better session id generation using /dev/urandom.
1.01 2014-07-28T11:43:10Z
- Revert HMAC strategy...
It breaks our code...
1.00 2014-07-28T04:09:47Z
[INCOMPATIBLE CHANGE]
- I changed HMAC strategy on ServerSide mode.
Previous version uses
hmac_hex(data: $session_id, key: $secret)
New version is:
hmac_hex(data: $secret, key: $session)
This version is even secure. But, it's not a critical issue.
I think this change won't break your code.
0.05 2014-03-18T18:52:37Z
- use Cookie::Baker for generating cookie string for Plack response object.
Because the document says HTTP::Session supports Cookie::Baker's expiration format like "-1d".
But it's not supported in previous version!!
https://github.com/tokuhirom/HTTP-Session2/pull/1
(magai)
0.04 2013-11-01T01:00:09Z
- Revert validate_empty_session flag introduced at 0.03.
(tokuhirom)
0.03 2013-10-31T01:19:19Z
- Validate empty session option for P3P cookies.
(tokuhirom)
- Non callback style storage settings.
(tokuhirom)
0.02 2013-10-30T00:16:10Z
- Documentation fix
0.01 2013-10-28T03:18:35Z
- original version