* Fixed os.getpid issue on GAE.
* CookieSession will add '_expires' value to data when an expire time is set,
and uses it
* Fixed bug caused when attempting to invalidate a session that hadn't
previously been created.
* Bug fix for cookie sessions to retain id before clearing values.
* Added cookie delete to both cookie only sessions and normal sessions, to
help with proxies and such that may determine whether a user is logged in
via a cookie. (cookie varies, etc.). Suggested by Felix Schwarz.
* cache.get_value() now uses the given **kwargs in all cases in the same
manner as cache.set_value(). This way you can send a new createfunc
to cache.get_value() each time and it will be used.
* Fixed bug in memcached to be tolerant of keys disappearing when memcached
* Fixed the cache functionality to actually work, previously set_value was
ignored if there was already a value set.
* Adding 'google' backend datastore, available by specifying 'google' as the
cache/session type. Note that this takes an optional table_name used to name
the model class used.
* SECURITY BUG: Fixed security issue with Beaker not properly removing
directory escaping characters from the session ID when un-signed sessions
are used. Reported with patch by Felix Schwarz.
* Fixed bug with Beaker not playing well with Registry when its placed above
it in the stack. Thanks Wichert Akkerman.
* Adding 'id' to cookie-based sessions for better compatibility.
* Fixed error with exception still raised for PyCrypto missing.
* WARNING: Session middleware no longer catches Paste HTTP Exceptions, apps
are now expected to capture and handle Paste HTTP Exceptions themselves.
* Fixed Python 2.4 compatibility bug in hmac.
* Fixed key lookup bug on cache object to only use the settings for the key
lookup. Found by Andrew Stromnov.
* Added option to make Beaker use a secure cookie.
* Removed CTRCipher as pycryptopp doesn't need it.
* Changed AES to use 256 bit.
* Fixed signing code to use hmac with sha for better signing security.
* Fixed memcached code to use delete_multi on clearing the keys for efficiency
and updated key retrieval to properly store and retrieve None values.
* Removing cookie.py and signed cookie middleware, as the environ_key option
for session middleware provides a close enough setting.
* Added option to use just cookie-based sessions without requiring
* Switched encryption requirement from PyCrypto to pycryptopp which uses a
proper AES in Counter Mode.
* Fixed bug in middleware using module that wasn't imported.
* Fixed bug in memcached replace to actually replace spaces properly.
* Fixed md5 cookie signature to use SHA-1 when available.
* Updated cookie-based session storage to use 256-bit AES-CTR mode with a
SHA-1 HMAC signature. Now requires PyCrypto to use for AES scheme.
* WARNING: Moved session and cache middleware to middleware, as per the old
deprecation warnings had said was going to happen for 0.8.
* Added cookie-only session storage with RC4 ciphered encryption, requires
* Add the ability to specify the cookie's domain for sessions.
* Fixed bug in database.py not properly handling missing sqlalchemy library.
* Fixed bug in prior db update causing session to occasionally not be written
back to the db.
* Fixed memcached key error with keys containing spaces. Thanks Jim Musil.
* WARNING: Major change to ext:database to use a single row per namespace.
Additionally, there's an accessed and created column present to support
easier deletion of old cache/session data. You *will* need to drop any
existing tables being used by the ext:database backend.
* Streamline ext:database backend to avoid unnecessary database selects for
* Added SQLAlchemy 0.4 support to ext:database backend.
* Fixed data_dir parsing for session string coercions, no longer picks up None
as a data_dir.
* Fixed session.get_by_id to lookup recently saved sessions properly, also
updates session with creation/access time upon save.
* Add unit tests for get_by_id function. Updated get_by_id to not result in
additional session files.
* Added session.get_by_id function to retrieve a session of the given id.
* Fixed issue with Beaker not properly handling arguments as Pylons may pass
* Fixed unit test to catch file removal exception.
* Fixed another bug in synchronization, this one involving reentrant
conditions with file synchronization
* If a file open fails due to pickling errors, locks just opened
are released unconditionally
* Beaker was not properly parsing input options to session middleware. Thanks
to Yannick Gingras and Timothy S for spotting the issue.
* Changed session to only send the cookie header if its a new session and
save() was called. Also only creates the session file under these
* Added deprecation warning for middleware move, relocated middleware to cache
and session modules for backwards compatibility.
* adjusted synchronization logic to account for Mako/new Cache object's
multithreaded usage of Container.
* WARNING: Cleaned up Cache object based on Mako cache object, this changes
the call interface slightly for creating a Cache object directly. The
middleware cache object is unaffected from an end-user view. This change
also avoids duplicate creations of Cache objects.
* Adding database backend and unit tests.
* Added memcached test, fixed memcached namespace arg passing.
* Fixed session and cache tests, still failing syncdict test. Added doctests
for Cache and Session middleware.
* Cleanup of container/cache/container_test
* Namespaces no longer require a context, removed NamespaceContext?
* Logging in container.py uses logging module
* Cleanup of argument passing, use name **kwargs instead of **params for
* Container classes contain a static create_namespace() method, namespaces are
accessed from the ContainerContext? via string name + container class alone
* Implemented (but not yet tested) clear() method on Cache, locates all
Namespaces used thus far and clears each one based on its keys() collection
* Fixed Cache.clear() method to actually clear the Cache namespace.
* Updated memcached backend to split servers on ';' for multiple memcached
* Merging MyghtyUtils code into Beaker.
* Added api with customized Session that doesn't require a Myghty request
object, just a dict. Updated session to use the new version.
* Removing unicode keys as some dbm backends can't handle unicode keys.
* Adding core files that should've been here.
* More stringent checking for existence of a session.
* Avoid recreating the session object when it's empty.