== 0.10.4 released 2008-10-31 * Changed configuration to use inheritable attributes * Cleaned up requires to be in their proper files * Added in scope support. == 0.10.3 released 2008-10-31 * Instead of raising an error when extra fields are passed in credentials=, just ignore them. * Added remember_me config option to set the default value. * Only call credential methods if an argument was passed. * More unit tests * Hardened automatic session updating. Also automatically log the user in if they change their password when logged out. == 0.10.2 released 2008-10-24 * Added in stretches to the default Sha512 encryption algorithm. * Use column_names instead of columns when determining if a column is present. * Improved validation callbacks. after_validation should only be run if valid? = true. Also clear errors before the "before_validation" callback. == 0.10.1 released 2008-10-24 * Sessions now store the "remember token" instead of the id. This is much safer and guarantees all "sessions" that are logged in are logged in with a valid password. This way stale sessions can't be persisted. * Bumped security to Sha512 from Sha256. * Remove attr_protected call in acts_as_authentic * protected_password should use pasword_field configuration value * changed magic state "inactive" to "active" == 0.10.0 released 2008-10-24 * Do not allow instantiation if the session has not been activated with a controller object. Just like ActiveRecord won't let you do anything without a DB connection. * Abstracted controller implementation to allow for rails, merb, etc adapters. So this is not confined to the rails framework. * Removed create and update methods and added save, like ActiveRecord. * after_validation should be able to change the result if it adds errors on callbacks. * Completed tests. == 0.9.1 released 2008-10-24 * Changed scope to id. Makes more sense to call it an id and fits better with the ActiveRecord model. * Removed saving_from_session flag, apparently it is not needed. * Fixed updating sessions to make more sense and be stricter. * change last_click_at to last_request_at * Only run "after" callbacks if the result is successful. == 0.9.0 released 2008-10-24 * Initial release.