security-procs: - fix broken comparisons when "UseHostnameDomainforReg" is set (see also issue #3293). - don't use string match/regesub when manipulating URLs (causes troubles with IP-literal notation). Instead, us "eq" or "util::split_location"/"util::join_location" - added means to ease debugging of login_urls and login_cookie: variables "::security::log(login_url)" and "::security::log(login_cookie)" contain the log severity. by setting these to e.g. "notice", this does not require to activate full debugging (setting severity to debug) in order to obtain log output.
- address bug #3293: actual code in oacs-5-9 used full host header (from request header fields) which might contain port. db-query is now performed without the optional port - improve Tcl coding (use defaults, break long lines)