[Catalyst-commits] r10921 - in trunk/Catalyst-Plugin-Session-State-Cookie: . lib/Catalyst/Plugin/Session/State

t0m at dev.catalyst.perl.org t0m at dev.catalyst.perl.org
Sat Jul 18 01:12:56 GMT 2009


Author: t0m
Date: 2009-07-18 01:12:56 +0000 (Sat, 18 Jul 2009)
New Revision: 10921

Modified:
   trunk/Catalyst-Plugin-Session-State-Cookie/Changes
   trunk/Catalyst-Plugin-Session-State-Cookie/lib/Catalyst/Plugin/Session/State/Cookie.pm
Log:
Bump versions, strip whitespace

Modified: trunk/Catalyst-Plugin-Session-State-Cookie/Changes
===================================================================
--- trunk/Catalyst-Plugin-Session-State-Cookie/Changes	2009-07-17 22:57:47 UTC (rev 10920)
+++ trunk/Catalyst-Plugin-Session-State-Cookie/Changes	2009-07-18 01:12:56 UTC (rev 10921)
@@ -1,5 +1,6 @@
 Revision history for Perl extension Catalyst::Plugin::Session::State::Cookie
 
+0.12    2009-07-18
         - Introduced a new option cookie_httponly 
         - Option cookie_secure extended (old syntax fully supported)
 

Modified: trunk/Catalyst-Plugin-Session-State-Cookie/lib/Catalyst/Plugin/Session/State/Cookie.pm
===================================================================
--- trunk/Catalyst-Plugin-Session-State-Cookie/lib/Catalyst/Plugin/Session/State/Cookie.pm	2009-07-17 22:57:47 UTC (rev 10920)
+++ trunk/Catalyst-Plugin-Session-State-Cookie/lib/Catalyst/Plugin/Session/State/Cookie.pm	2009-07-18 01:12:56 UTC (rev 10921)
@@ -7,7 +7,7 @@
 use MRO::Compat;
 use Catalyst::Utils ();
 
-our $VERSION = "0.11";
+our $VERSION = "0.12";
 
 BEGIN { __PACKAGE__->mk_accessors(qw/_deleted_session_id/) }
 
@@ -40,7 +40,7 @@
 
 sub update_session_cookie {
     my ( $c, $updated ) = @_;
-    
+
     unless ( $c->cookie_is_rejecting( $updated ) ) {
         my $cookie_name = $c->config->{session}{cookie_name};
         $c->response->cookies->{$cookie_name} = $updated;
@@ -49,11 +49,11 @@
 
 sub cookie_is_rejecting {
     my ( $c, $cookie ) = @_;
-    
+
     if ( $cookie->{path} ) {
         return 1 if index '/'.$c->request->path, $cookie->{path};
     }
-    
+
     return 0;
 }
 
@@ -75,8 +75,8 @@
     #beware: we have to accept also the old syntax "cookie_secure = true"
     my $sec = $cfg->{cookie_secure} || 0; # default = 0 (not set)
     $cookie->{secure} = 1 unless ( ($sec==0) || ($sec==2) );
-    $cookie->{secure} = 1 if ( ($sec==2) && $c->req->secure );      
-    
+    $cookie->{secure} = 1 if ( ($sec==2) && $c->req->secure );
+
     my $hto = $cookie->{httponly} || 1; # default = 1 (set httponly)
     $cookie->{httponly} = 1 unless ($hto==0);
 
@@ -119,7 +119,7 @@
 sub get_session_id {
     my $c = shift;
 
-    if ( !$c->_deleted_session_id and my $cookie = $c->get_session_cookie ) { 
+    if ( !$c->_deleted_session_id and my $cookie = $c->get_session_cookie ) {
         my $sid = $cookie->value;
         $c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
         return $sid if $sid;
@@ -130,7 +130,7 @@
 
 sub delete_session_id {
     my ( $c, $sid ) = @_;
-    
+
     $c->_deleted_session_id(1); # to prevent get_session_id from returning it
 
     $c->update_session_cookie( $c->make_session_cookie( $sid, expires => 0 ) );
@@ -222,20 +222,20 @@
 
 =item cookie_expires
 
-Number of seconds from now you want to elapse before cookie will expire. 
-Set to 0 to create a session cookie, ie one which will die when the 
+Number of seconds from now you want to elapse before cookie will expire.
+Set to 0 to create a session cookie, ie one which will die when the
 user's browser is shut down.
 
 =item cookie_secure
 
 If this attribute B<set to 0> the cookie will not have the secure flag.
 
-If this attribute B<set to 1> (or true for backward compatibility) - the cookie 
-send by the server to the client will got the secure flag that tells the browser 
+If this attribute B<set to 1> (or true for backward compatibility) - the cookie
+send by the server to the client will got the secure flag that tells the browser
 to send this cookies back to the server only via HTTPS.
 
 If this attribute B<set to 2> then the cookie will got the secure flag only if
-the request that caused cookie generation was sent over https (this option is 
+the request that caused cookie generation was sent over https (this option is
 not good if you are mixing https and http in you application).
 
 Default vaule is 0.
@@ -244,16 +244,16 @@
 
 If this attribute B<set to 0>, the cookie will not have HTTPOnly flag.
 
-If this attribute B<set to 1>, the cookie will got HTTPOnly flag that should 
+If this attribute B<set to 1>, the cookie will got HTTPOnly flag that should
 prevent client side Javascript accessing the cookie value - this makes some
 sort of session hijacking attacks significantly harder. Unfortunately not all
-browsers support this flag (MSIE 6 SP1+, Firefox 3.0.0.6+, Opera 9.5+); if 
+browsers support this flag (MSIE 6 SP1+, Firefox 3.0.0.6+, Opera 9.5+); if
 a browser is not aware of HTTPOnly the flag will be ignored.
 
 Default value is 1.
 
 Note1: Many peole are confused by the name "HTTPOnly" - it B<does not mean>
-that this cookie works only over HTTP and not over HTTPS. 
+that this cookie works only over HTTP and not over HTTPS.
 
 Note2: This paramater requires Catalyst::Runtime 5.80005 otherwise is skipped.
 




More information about the Catalyst-commits mailing list