E-Blah now uses sessions by default.  This is because it is more secure.  You will still need to enable them through the admin center (and then logout/in).

Most servers probably will not have the correct modules.

This is the one you'll need:

http://search.cpan.org/~sherzodr/CGI-Session-3.95/

Download the latest version, and place the CGI directory (located in /lib) inside the directory that Blah.pl resides.

After you do that, make sure that Sessions directory is created in the Prefs directory and CHMOD'd 777.

There is a new validation for the admin center which asks for your password once every three days if you are using sessions.  If you are using the old cookies format, it will NOT ask for a verification of your password.

I'll try to release 10.1.5 tomorrow.

NOTE: the OLD version of SID's is no more.  It has been completly removed.

If you logged in prior to 2 November 2006, you should logout and log back in so that you can get a session ID -- which is more secure than the older cookie login.

Last nights nightly will not allow ANYONE to login/out if they do not have the session module.  I've fixed this now, while also fixing a few other lose ends (like errors all over the place if the module was removed ).

I plan to add one more core change, and that's dealing with file security which will make sure that files get backed up before and after writes.  That is, if I can figure out a logical way to do it without putting too much load on the server.  And, as always, it'll not be on by default.  

Can you be more clear. When I unzipped the latest version,  the CGI-session-3.95 folder has  2 subfolders "session" and "t" and files such as changes, manifest, session pm file etc.

So I have to keep whole CGI-session-3.95 in directory where Blah.pl resides?

Do I have to rename the CGI-Session-3.95 to CGI?

---------

You have asked to create Sessions subfolder in prefs folder. I have to create a new subfolder or place the given sessions subfolder that came with download, available in CGI_Session-3.95??  

http://search.cpan.org/CPAN/authors/id/M/MA/MARKSTOS/CGI-Session-4.14.tar.gz

Download that.  It's under lib.

CGI-Session-4.14.tar\CGI-Session-4.14\lib

Quoted from pakodi

You have asked to create Sessions subfolder in prefs folder. I have to create a new subfolder or place the given sessions subfolder that came with download, available in CGI_Session-3.95??  

Create the directory.  You can look at 10.1.5 download for more detailed information.  

Working great here

Needs a warning this does, once enabled it cannot be removed and it can break mods as I have found out.

What?  You can turn it off.  And if it breaks mods, it's because cookies are no longer set.  

so if i use session id's will my mods no longer work?

Only the Chat and Shoutbox as they use the current eblah_un cookie value, Sessions creates a different cooikie that is encrypted.

is there a way to fix this?  i use shoutbox and chat both on my site.  or do i just need to leave sessions disabled for now?

I will post a mod soon, just testing it.

The Administrator verification has now been expanded to moderators.  Please, test this.    It should ask moderators to validate their password (and Admins now).  The verification, like always will prompt you and you will be able to hide it for 6 hours to 1 month.  It's not that naggy, and it really can help protect your forum from attack (especially on a public PC).  Single thread deletions will NOT ask for the moderator user/pass.  Only the moderator options on Message Index and the bottom of Display will ask.