added ENV variable DB_SESSIONS to force dev server to use db instead of file store for sessions; moved _update_session_userid flag to top of block in cgiapp_prerun so only have to set it once for both new logins & re-authenication after timeout & removed it from _create_user_profile()

set flag in cgiapp_prerun() to update sessions.userid on re-authentication after a session timeout, as session is deleted & re-created (without userid) - still needs more worksvk_diff

added ability to p.m. users in "who's logged in" page; modified M::Base::get_objects_with() to use same logic as M::Base::get_objects()

added ability to restrict non-network users to own records; added missing _debug_path() to controller methods

changed result_summary_opts from AoA to HoA in C::Roles::ResultHandler::process_raw_lab_test_data() to make hadnling optgroup in template easier; result/default.tt handles optgroup and numerical order in construction of select menus; re-authentication sets flash message if user email address empty; fixed some html syntax errors in templates

modified LIMS::cgiapp_prerun() to check for new messages after re-authentication - will mainly benefit external users where idle timeout equals ajax poll new msgs frequency, so will never see ajax notification

patched search constraints error - date_before/after -> all_before/after + validation definition; changed some instances of User::get_user_details to User::get_user_by_username in controllers; added 'query_args' to get_page() js function in date_constraints.tt to allow eg sort_by params to be passed to date constraint constructors

modified diagnosis revisions to group by reviser & reporter

added outbound messages to user message centre; grouped users into optgroups in new message function

moved authen_config from lims_config.pl to main LIMS app - CUSTOM callback doesn't work when cfg loaded using Class::Singleton instance; modified idle timeout function to automatically load logged-in username in login screen, so only passwd required, and added link to logout if different user; cgiapp_prerun checks form param username matches authen username; added region_code back to user_locations + admin functions

moved authen_config from lims_config.pl to main LIMS app - CUSTOM callback doesn't work when cfg loaded using Class::Singleton instance; modified idle timeout function to automatically load logged-in username in login screen, so only passwd required, and added link to logout if different user; cgiapp_prerun checks form param username matches authen; added region_code back to user_locations + admin functions

moved login.tt from site to login/default.tt; used authen->is_new_login to redirect to C::Login::hello(); moved code to generate new diagnosis list from LIMS::_create_user_profile() to C::Login::hello(); new db table user_message + DB class

moved LOGIN_SESSION_TIMEOUT 'CUSTOM' code to custom_timeout() sub; C::Admin::User::update_user_details() retrieves new user.id to fix (recent) uninitialized val warning in permissions.t; added debug.log fh to L::Local::Debug::DEBUG(); added 'function' object to M::User::get_user_permissions() to save multiple db lookups

authen_cfg LOGIN_SESSION_TIMEOUT sets timeout value according to user location (ie lab staff or guest user)

enabled request options (urgent, private & copy_to) in search function; moved Devel::Cycle function from LIMS to L::Local::DevelCycle