Version: 2.007 Date: 2000/04/15 15:27:02
If the browser sends a cookie but it's not one related to our
authentication, we formerly sent a blank cookie to the authentication
methods. Now we act as if no cookie was sent.
[errorasparks@cpd.harris.com (Alan Sparks)]
Fixed a server error that occurred when a certain user was required,
but a different valid user was logged in.
[efujii@miis.edu (Eduardo Fujii)]
Added a couple more debug statements that can help figure out what's
happening when your auth isn't working.
Improved some of the docs.
Added some tricks to Makefile.PL to make my life easier.
Changed the action of the example login forms from LOGIN to /LOGIN.
[michael@bizsystems.com (Michael)]
Version: 2.006 Date: 2000/03/26 18:28:32
Added the key() method, which will return the user's current session
key, if any. This can be handy inside a method that implements a
C<require> directive check (like the C<species> method discussed
above) if you put any extra information like clearances or whatever
into the session key.
Added method-by-method documentation for each method in AuthCookie.
Version: 2.005 Date: 2000/03/24 15:20:30
Removed the deprecated methods ->authen and ->authz. If you have
configurations that use these methods, you must change to the newer
->authenticate and ->authorize methods.
Changed a couple of 'Sample's in the documentation to
'Sample::AuthCookieHandler'. [asparks@cpd.harris.com (Alan Sparks)]
Version: 2.004 Date: 2000/03/15 20:53:20
Added documentation about the ability to set cookie domains. That
ability actually appeared in 2.002, but I forgot to document it or add
notes to the Changes file.
Version: 2.003 Date: 2000/03/14 21:08:02
Now returns FORBIDDEN instead of AUTH_REQUIRED when authorization
fails or when a user tries to access a protected doc.
Version: 2.002 Date: 2000/03/14 17:46:42
Added an internal _cookie_string method that helps construct cookie
strings. This shouldn't change any functionality, but makes my job
easier.
Added a couple of Makefile.PL questions that set the user & group
tests should run under.
Version: 2.001 Date: 2000/02/11 04:46:59
The login forms may now use the POST method instead of the GET method.
This is a big deal, because with GET the user's credentials get logged
to access logs, they remain in the user's browser history, and so on.
Thanks to cholet@logilune.com (Eric Cholet) for the patch and prodding.
There is now a proper test suite, which will fire up an httpd and make
requests of it. The test code is adapted from Eric's old example
(eg/) suite.
I've added a logout() method to help unset cookies. The example
logout.pl now uses logout(). Thanks to Aaron Ross
(ross@mathforum.com).
Version: 2.000 Date: 2000/02/02 13:18:23
First released version, bumped up revision number to 2.0
Created indentify() and authorize() methods to replace authen() and
authz(). authen() and authz() are now deprecated and will disappear
in a later version.
AuthType can now contain colons [adi@certsite.com (Adi)]
Nonexistent method calls (via 'require' directive) are no longer
shielded in authorization stage - if it fails it fails, and you get a
server error.
Multiple 'require' directives should work now - previously only the
first directive was respected.
Changed lots of documentation to reflect the above interface changes.
Version: 1.002 Date: 2000/01/27 22:07:13
- Now owned by Ken Williams (ken@forum.swarthmore.edu)
- Created indentify() and authorize() methods to replace authen()
and authz(). authen() and authz() are now deprecated and will
disappear in a later version.
- AuthType can now contain colons [adi@certsite.com (Adi)]
- Nonexistent method calls (via 'require' directive) are no longer
shielded in authorization stage - if it fails it fails, and you
get a server error.
- Multiple 'require' directives should work now - previously only
the first directive was respected.
Version: 1.001 Date: 2000/01/25 01:21:05
Eric's original version from CPAN