** Version 0.6.4

	- Function get_path_from_request () now users REQUEST ['URL'] to
		construct request url. (thanks to Stephen Snyder).

	- If tokens have invalid value, they are deleted from the cache. 
		Previously, it was done only for expired tokens.

	- Debug logging improvements.
	 
** Version 0.6.3

	- mysqlUserFolder is now forcing basic authentication on certain ports even
		if cookies are used (so FTP can be used).

	- authorize () calls BasicUserFolder.authorize () now.

	- URL Query string is also passed in login_goto if exception is raised 
		during processing. This means that user will go to the target page 
		including parameters after login.

	- Management screen supports changing roles (thanks to Remi Houdaille).

	- Multiple roles support when creating users (thanks to Remi Houdaille).

	- Other small improvements in management screens.

	- db.py: Tables are unlocked when exception is raised.

	- Size of the username and email fields is increased to 60 in sql 
		creation script. Management dtml methods support now getting field
		sizes from cfg.py

	- New parameter mysql unix socket added.
	
	- CACHE_USER_LIFE decreased to 60 in cfg.py

** Version 0.6.2

	- If roles argument passed in validate is None, assume Anonymous.

	- Users now have role "AUTHENTICATED".

	- Two levels of debug messages.

** Version 0.6.1

	- Cookie path and domain are now configurable.

	- Security options VALIDATE_IGNORE_ROLES and VALIDATE_ONLY_ANONYMOUS.

	- QUERY_STRING is also logged.

	- Changed [] -> () in "unlock tables" call. No more problems with 
		MySQLdb 0.9.0 (thanks to  Albert Ting <alt@sonic.net>).
	
	- Cleared references to manage_cache. Also deleted reconnect option 
		from management screen.

	- Deleting users from the management screen works again.
	

** Version 0.6.0
	
	- User, session and token caching.
	
	- Fixed cookie expiration time string when locale is used. Private
		function is used instead of strftime ().

	- Tokens database now has field Realm. This prevents using a same session
		for different realms.
	
	- Added minimal expiry time for cookies.
	
	- UserDb.refresh_user () now returns status.

** Version 0.5.3
	
	- mysqlUserFolder now works with MySQLdb 0.3.2 (int -> long change). Also
		there should be no more problems with non English characters.
		mysqlUserFolder now uses MySQLdb query parameters.

	- User dtmls now set no-cache headers.

	- Logging table is changed: remote address in now logged. Also, failed
		cookie logging attempts are logged.
		This isn't final logging system, there will be more changes. 

	- user_login (): login_goto_path is passed to docLogin in case of failed
		login.

** Version 0.5.3d1
	
	- Cookie names can use realm, so users can be authenticated by multiple
		folders using different realms.

** Version 0.5.2

	- Session logging. Also, new table Log. This is still experimental,
		meta_type and size doesn't work for some objects. Table is going to
		be changed in future releases.

	- SECURITY: Fix for db.del_user (), user sessions and tokens are now
		deleted, when user is deleted. Please see MySQL database section in
		README.

	- Fix for INSTANCE_HOME installations.
	
	- Fixed error in __get_session_user (): Changing realm can lead to an
		error if there are old sessions.

	- Typing error in __setup_session () fixed.

	- Management interface improvements, thanks to 
		Andre Schubert <andre.schubert@geyer.kabeljournal.de>

	- Documentation updates.

** Version 0.5.1

	- Compliance of User and Session classes with Zope security system
		(Zope 2.2).

	- Changes in the TokenDb API: General (not just cookie) token support.

	- getUser () was not returning completely initialized user object.

	- Cookies: expire them before setting.

	- Session authentication method now checks realm.

	- SECURITY: Bugs fixed in session handling code: there was possibility
		that user was authenticated with UF using different realm.

	- Typing error in use_login (): Session was not terminated when
		authenticated user logs as another user.

	- validate (): Now, Anonymous is not authenticated when http auth is
		used.  In this case, Zope's root user folder should do the
		authentication.

	- getUser () now returns user object that is not wrapped. Don't know why
		zope wants it in this way, but otherwise there are problems.

	- User's miscdata were not deleted when user was deleted.

	- Session and user timeouts are changed.

	- DTML properties screen was not showing correct database name.
		
** Version 0.5.0

	- Complete redesign: session support, Zope 2.2, editable user dtmls.

	- Authentication process is changed.

	- MySQL tables are changed (tables Users and Roles are not changed). 

	- MiscData get function now returns default values for keys that don't
		exist.

