gustafn in OpenACS

add index for bulk mail sweeper. was already #10 on sequential reads on learn

allow passing of pretty_names that contain content including less and greater sign

fix overquoting in notification-widget

    • -1
    • +1
    • -1
    • +1
    • -1
    • +1
improve log messages

don't load deleted messages into the cache and drop conceptually broken parameter

Speed up referential integrity by avoiding sequential scans

fix documentation bug #3369

add procdic for private function

Cookie security reform:

- fix handling of persistent logins while addressing problems of last commits

- increase usage of try/throw to be able to distinguish exceptions

- fix handling of LoginTimeout 0 in cryptographic expiration

- use [ad_conn behind_secure_proxy_p] on more occasions, where

security::secure_conn_p is used (maybe fold these together in the future)

- new private proc security::log to ease debugging of cookie management

- further improved documentation

    • -126
    • +197
improve comments

whitespace changes

prefer dict over Tcl array

reduce redundant lookups in auth::check_local_account_status

- fix serveral documentation bugs (align decumentation with implementation)

- use "throw" as well for invalid cookies (in addition to non-existent cookies)

remove unneeded feature (see issue #3364)

fix brken verison (see issue #3366)

improve indentation

fix for bug #3367 (many thanks to Rainer Bachleitner)

document parameter consitently concerning required server restarts

add session_id invalidation

treat behind_secure_proxy_p like security::secure_conn_p for useing secure cookies in general and for the secure login cookie

use secure token when running behind a secure proxy the same way as when running directly a secure session

Don't trust value of login_level just on basis of the session cookie

improve comment and provide warning, when kernel parameter is overruled

modernize exception handling: use proper try/throw instead of swallowing "catch"

call sec_login_handler instead of just sec_generate_session_id_cookie, since otherwise, cryptographically valid session cookie could be used without a ad_login_cookie

prefer https over http on request going to

- fix caching bug, when urls are retrieved via object_ids, and packages are unmounted

- make code more robust

- extend regression tests

use "partition_name" rather than "partions_name" as variable name

CVS: ----------------------------------------------------------------------

whitespace changes

improve robustness of API browser when trying to browse non-existing objects