Subject: CVS commit: pkgsrc/www/p5-CGI-Session
From: Ulrich Habel
Date: 2008-07-18 11:43:35
Message id: 20080718094335.C036A175D0@cvs.netbsd.org

Log Message:
- updated to 4.35

ChangeLog:
4.34 - Sunday, July 13, 2008
    * SECURITY: Patch CGI::Session::Driver::file to stop \ and / characters being used in
           session ids and hence in file names. These characters, possibly combined with '..',
           could have been used to access files outside the designated session file directory.
           Reported by TAN Chew Keong of vuln.sg.
    * FIX: Patch CGI::Session to propagate error upwards when _load_pluggables() fails.
           See RT#37628 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490198.
    * INTERNAL: Ship a machine-readable version of this file under the name Changelog.ini.
           The latter file is generated by ini.report.pl, which is shipped with Module::Metadata::Changes.
           The reason Changelog.ini does not contain a separate section for each version in this file
           is that some of the versions documented below have no datestamp, and ini.report.pl does not create
           fake datestamps.

4.33 - Monday, July 7, 2008
    * FIX: Patch CGI::Session::Driver::mysql to replace 'REPLACE INTO ...' with
           'INSERT INTO ... ON DUPLICATE KEY UPDATE ...'. See RT#37069.
           Thanks to Steve Kirkup for the patch. I (Ron) installed MySQL V 5.0.51a for testing.
           Note: http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html and similar docs
           list various MySQL errors fixed recently for the above new syntax. Also, the new version
           is now much more like the Postgres code, which is another reason it has been adopted.
    * FIX: t/mysql.t used to test setting the global variable $CGI::Session::MySQL::TABLE_NAME.
           The test for this (in t/mysql.t) was introduced in V 4.00_09.
           However, since V 4.29_1, changes to CGI::Session::Driver's new() method mean
           this way of setting the session table's name no longer works, and so the variable
           $CGI::Session::MySQL::TABLE_NAME is now not used. Hence it has been removed.
           Code in CGI::Session::Driver::DBI used to set $class::TABLE_NAME for all database drivers.
           This code has also been removed. Moral: Don't use global variables.
           Call $session = CGI::Session -> new(..., ..., {TableName => 'new_name'}) or,
           after creating the object, call $session -> table_name('new_name').
           To retrieve the name, call $name = $session -> table_name().

4.32 - Tuesday, June 17, 2008
    * FIX: Packaging of 4.31 release was botched.

4.31 - Tuesday, June 10, 2008
    * FIX: Patch CGI::Session::Driver::DBI to check that the DBI handle still exists before trying
           to ping it. This handles the case where the DBI object is destroyed before the session object.
           See RT#35925.
    * FIX: Patch CGI::Session::Driver::DBI's remove() which still hard-coded the column name 'id' instead
           of using the new feature which allows the user to specify the name of the column. See RT#36235.
    * FIX: Patch POD yet again to emphasize that an explicit call to destroy() should be followed by
           explicit call to flush(), in particular in the case where the program is not exiting and
           hence auto-flushing is not activated. Sections patched are 'A Warning about Auto-flushing'
           and the docs for delete(). See RT#34668.

4.30 - Friday, April 25, 2008

    * FIX: Patch POD for CGI::Session in various places, to emphasize even more that auto-flushing is
           unreliable, and that flush() should always be called explicitly before the program exits.
           The changes are a new section just after SYNOPSIS and DESCRIPTION, and the PODs for flush(),
           and delete(). See RT#17299 and RT#34668
    * NEW: Add t/new_with_undef.t and t/load_with_undef.t to explicitly demonstrate the effects of
           calling new() and load() with various types of undefined or fake parameters. See RT#34668
    * FIX: Patch POD for new() and load() to clarify the result of calling these with undef, or with
           an initialized CGI object with an undefined or fake CGISESSID. See RT#34668.
           Specifically: You are strongly advised to run the old-fashioned
           'make test TEST_FILES=t/new_with_undef.t TEST_VERBOSE=1' or the new-fangled
           'prove -v t/new_with_undef.t', for both new*.t and load*.t, and examine the output
    * FIX: Patch POD in various tiny ways to improve the grammar

4.29_2 - Thursday, March 27, 2008

    * FIX: stop ExtUtils::MakeMaker trying to create Build.PL (Ron Savage)
    * FIX: Disable trying to use utf8 in tests. (Ron Savage) Ref RT#21981, RT#28516

4.29_1 - Saturday, March 15, 2008

    Special Thanks to Ron Savage who did the bulk of the work to put this release together.

    * FIX: Patch CGI::Session to fix RT#29138 (Patch by Barry Friedman)
    * NEW: Add a note to CGI::Session's POD referring to utf8 problems, and include references
           to RT#21981 (Reported by erwan) and RT#28516 (Reported by jasoncrowther)
    * FIX: Patch CGI::Session::Driver::DBI.pm to fix RT#24601 (Patch by latypoff)
    * FIX: Patch CGI::Session::Driver::DBI.pm to fix RT#24355 (Reported by fenlisesi, patch by Ron Savage)
    * NEW: Add t/bug24285.t to ensure session data files are created properly when the user specifies a
           directory other than /tmp (Reported by William Pearson RT#24285, patch by Ron Savage)
    * FIX: Patch t/ip_matches.t and t/bug21592.t to remove test files left in /tmp, to fix RT#29969
           (Reported by ANDK, patch by Ron Savage)
    * FIX: Patch POD for CGI::Session::Driver::file to clarify how to use the option to change the
           file name pattern used to create session files (Report by appleaday RT#33635,
           patch by Ron Savage)
    * FIX: Patch CGI::Session::Driver::sqlite to add sub DESTROY to fix RT#32932
           (Patch by Alexander Batyrshin, corrected by Ron Savage)
    * FIX: Remove CGI::Session::Seralize::json and t/g4_dbfile_json.t until such time as this code
           can be made to work reliably. Both JSON::Syck and JSON::XS have been tried, and in both
           cases t/g4_dbfile_json.t dies horribly (but differently). Patch POD for CGI::Session to
           remove references to JSON. RT#25325 (Reported by bkw, patch by Ron Savage)
    * NEW: Patch CGI::Session's POD and load() to allow the session/cookie name default of CGISESSID
           to be overridden. (Patch by Lee Carmichael RT#33437, reformatted by Ron Savage). Lee has
           also patched t/name.t to test the new functionality
    * NEW: Split CGI::Session::Serialize::yaml out into its own distro. Get it hot from CPAN!
    * NEW: Add Build.PL for Module::Build users. This also requires adding PL_FILES => {}
           to Makefile.PL to beat ExtUtils::MakeMaker over the head, otherwise it executes
           'perl Build.PL Build'
    * NEW: Support specification of both the id column name and the a_session column name in the
           sessions table, by extending the options acceptable in CGI::Session->new(..,..,{here}).
           Allow:   {TableName => 'session',  IdColName => 'my_id', DataColName => 'my_data'}.
           Default: {TableName => 'sessions', IdColName => 'id',    DataColName => 'a_session'}.
           Allow any 1, 2 or 3 of these options. Missing keys default as specified.
           (Patch by Chris RT#2224. Implemented differently by Ron Savage). Supported drivers:
           o MySQL (native to CGI::Session)
           o ODBC (separate distro, CGI::Session::Driver::odbc V 1.01)
           o Oracle (separate distro, CGI::Session::Driver::oracle V 1.01)
           o Postgres (native)
           o SQLite (native)

Files:
Revision  Action  File
1.10      modify  pkgsrc/www/p5-CGI-Session/Makefile
1.5       modify  pkgsrc/www/p5-CGI-Session/distinfo
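
The 4.34 SECURITY entry above concerns session ids that end up in file names. As an added illustration (not code from CGI::Session or from this commit), the Perl example below applies that kind of check before a path is built; the helper name session_path, the cgisess_%s file name pattern, the directory and the sample ids are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical helper (not the module's own code): turn a client-supplied
# session id into a path inside $dir, or die if the id is unacceptable.
sub session_path {
    my ($dir, $sid) = @_;

    die "empty session id\n" unless defined $sid && length $sid;

    # The rule the changelog entry describes: no \ or / in the id, so the id
    # can never add a directory component to the file name.
    die "path separator in session id\n" if $sid =~ m{[\\/]};

    # Stricter allowlist, an assumption of this example: ids are short
    # alphanumeric strings, which also rules out '.', NUL and whitespace.
    die "unexpected characters in session id\n"
        unless $sid =~ /\A[0-9A-Za-z]{1,64}\z/;

    # Assumed file name pattern for the example.
    return File::Spec->catfile($dir, sprintf('cgisess_%s', $sid));
}

# Constructed sample ids: one well-formed, three that must be refused.
my @samples = (
    '0123456789abcdef0123456789abcdef',
    '../outside',
    '..\\outside',
    '..',
);

for my $sid (@samples) {
    my $path = eval { session_path('/var/tmp/sessions', $sid) };
    if (defined $path) {
        print "accept  $sid -> $path\n";
    }
    else {
        chomp(my $why = $@);
        print "reject  $sid ($why)\n";
    }
}
```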