Nothing changed yet.
Drop support for Python 2.7, 3.5, 3.6.
Add support for Python 3.11.
Add support for Python 3.5, 3.9, 3.10.
Fix inconsistent resolution order with zope.interface v5.
Add support for Python 3.8.
Drop support for Python 3.4 and 3.5.
Add support for Python 3.7.
Host documentation at https://zopesession.readthedocs.io
Add support for Python 3.5 and 3.6.
Drop support for Python 2.6 and 3.3
Reach 100% code coverage and maintain it via tox.ini and Travis CI.
Add support for PyPy and PyPy3.
Add support for Python 3.4.
Add support for testing on Travis.
Fix test that fails on any timezone east of GMT
Add support for Python 3.3
zope.component.adaptsusage with equivalent
zope.interface.implementsusage with equivalent
Drop support for Python 2.4 and 2.5.
LP #824355: enable support for HttpOnly cookies.
Fix a bug in
zope.session.session.Sessionthat would trigger an infinite loop if either iteration or a containment test were attempted on an instance.
Add an explicit
providesto the IClientId adapter declaration in adapter.zcml.
Add option to disable implicit sweeps in PersistentSessionDataContainer.
Add test extra to declare test dependency on
doctestmodule instead of depreacted
Fix Python 2.4 hmac compatibility issue by only using hashlib in Python versions 2.5 and above.
Use the CookieClientIdManager’s secret as the hmac key instead of the message when constructing and verifying client ids.
Make it possible to construct CookieClientIdManager passing cookie namespace and/or secret as constructor’s arguments.
Use zope.schema.fieldproperty.FieldProperty for “namespace” attribute of CookieClientIdManager, just like for other attributes in its interface. Also, make ICookieClientIdManager’s “namespace” field an ASCIILine, so it accepts only non-unicode strings for cookie names.
Restore compatibility with Python 2.4.
Don’t raise deprecation warnings on Python 2.6.
Drop dependency on
zope.annotation. Instead, we make classes implement
IAttributeAnnotatablein ZCML configuration, only if
zope.annotationis available. If your code relies on annotatable
PersistentSessionDataContainerand you don’t include the zcml classes configuration of this package, you’ll need to use
zope.interfaceto make those classes implement
Drop dependency on zope.app.http, use standard date formatting function from the
Zope 3 application bootstrapping code for session utilities was moved into zope.app.appsetup package, thus drop dependency on zope.app.appsetup in this package.
Drop testing dependencies, as we don’t need anything behind zope.testing and previous dependencies was simply migrated from zope.app.session before.
Remove zpkg files and zcml slugs.
Update package’s description a bit.
Add an ability to set cookie effective domain for CookieClientIdManager. This is useful for simple cases when you have your application set up on one domain and you want your identification cookie be active for subdomains.
Python 2.6 compatibility change. Encode strings before calling hmac.new() as the function no longer accepts the unicode() type.
Add missing test dependency on
Specify i18n_domain for titles in apidoc.zcml
ZODB 3.9 no longer contains ZODB.utils.ConflictResolvingMappingStorage, fixed tests, so they work both with ZODB 3.8 and 3.9.
Added a ‘postOnly’ option on CookieClientIdManagers to only allow setting the client id cookie on POST requests. This is to further reduce risk from broken caches handing the same client id out to multiple users. (Of course, it doesn’t help if caches are broken enough to cache POSTs.)
Added a ‘secure’ option on CookieClientIdManagers to cause the secure set-cookie option to be used, which tells the browser not to send the cookie over http.
This provides enhanced security for ssl-only applications.
Only set the client-id cookie if it isn’t already set and try to prevent the header from being cached. This is to minimize risk from broken caches handing the same client id out to multiple users.
Remove ConflictErrors caused on SessionData caused by setting
Split up the ZCML to make it possible to re-use more reasonably.
Change the default session “resolution” to a sane value and document/test it.
Fixed some meta data and switch to tgz release.
Moved parts from
zope.app.sessionto this packages