We want to allow delayed-response code to run before we decide whether to
do things like expiring the session cookie. If session finalization is run
before then, any session settings made by delayed code will be ignored.
The previous implementation (a specialization on FINALIZE-STATE for
function responses) is insufficient, because while the expiration itself is
deferred, the decision whether to expire the session is still performed
befored delayed-response code has run.
The reader conditional for using quicklisp code only does half the job. You
will still get unpleasant build errors with the following common scenario:
1. The user loads this library, once, with quicklisp. The reader
condition selects the quicklisp loader code.
2. ASDF caches a fasl file for this code, which uses the quicklisp
functions.
3. The user loads this library again, without quicklisp.
4. ASDF loads the cached fasl, which refers to symbols in packages that
don't exist in the current image, badness ensues.
This change avoids all read-time references to symbols in quicklisp by
looking up the symbols in question at run time. The symbol lookups go out
of their way to give good error messages if a symbol can't be found, since
FUNCALL-ing NIL doesn't tell you anything very helpful. The error type is
checked dynamically by using a HANDLER-BIND that traps every condition --
conditions of other types simply go unhandled, and are propagated normally.
The reader conditional has been replaced by a run-time features check, so
ASDF/quicklisp will be used based on what's present at the time the system
is loaded, and not what was available the first time this library was
loaded.
This change was made to make possible to write a function which will rebuild an original URI, used for a request.
Also lack.test:generate-env function was modified to work with fully qualified URIs. When you pass it something like https://example.com/foo/bar, it will set host and port of environment to example.com and 433.
This is useful for mocking requests, pretending that request was made to some particular host.
Previously COMMIT was generating a new id for the session but not
communicating it to the caller, so when FINALIZE-STATE was called it
resent the old id to the client and the session was lost (the leak).
Instead, generate the (possibly) new id in FINALIZE and pass it to
COMMIT and FINALIZE-STATE, which will send the new id to the client.
