HISTORY.md
9.79 KB
1.17.0 / 2019-10-10
- deps: cookie@0.4.0
- Add
SameSite=None
support
- Add
- deps: safe-buffer@5.2.0
1.16.2 / 2019-06-12
- Fix restoring
cookie.originalMaxAge
when store returnsDate
- deps: parseurl@~1.3.3
1.16.1 / 2019-04-11
- Fix error passing
data
option toCookie
constructor - Fix uncaught error from bad session data
1.16.0 / 2019-04-10
- Catch invalid
cookie.maxAge
value earlier - Deprecate setting
cookie.maxAge
to aDate
object - Fix issue where
resave: false
may not save altered sessions - Remove
utils-merge
dependency - Use
safe-buffer
for improved Buffer API - Use
Set-Cookie
as cookie header name for compatibility - deps: depd@~2.0.0
- Replace internal
eval
usage withFunction
constructor - Use instance methods on
process
to check for listeners - perf: remove argument reassignment
- Replace internal
- deps: on-headers@~1.0.2
- Fix
res.writeHead
patch missing return value
- Fix
1.15.6 / 2017-09-26
- deps: debug@2.6.9
- deps: parseurl@~1.3.2
- perf: reduce overhead for full URLs
- perf: unroll the "fast-path"
RegExp
- deps: uid-safe@~2.1.5
- perf: remove only trailing
=
- perf: remove only trailing
- deps: utils-merge@1.0.1
1.15.5 / 2017-08-02
- Fix
TypeError
whenreq.url
is an empty string - deps: depd@~1.1.1
- Remove unnecessary
Buffer
loading
- Remove unnecessary
1.15.4 / 2017-07-18
- deps: debug@2.6.8
1.15.3 / 2017-05-17
- deps: debug@2.6.7
- deps: ms@2.0.0
1.15.2 / 2017-03-26
- deps: debug@2.6.3
- Fix
DEBUG_MAX_ARRAY_LENGTH
- Fix
- deps: uid-safe@~2.1.4
- Remove
base64-url
dependency
- Remove
1.15.1 / 2017-02-10
- deps: debug@2.6.1
- Fix deprecation messages in WebStorm and other editors
- Undeprecate
DEBUG_FD
set to1
or2
1.15.0 / 2017-01-22
- Fix detecting modified session when session contains "cookie" property
- Fix resaving already-saved reloaded session at end of request
- deps: crc@3.4.4
- perf: use
Buffer.from
when available
- perf: use
- deps: debug@2.6.0
- Allow colors in workers
- Deprecated
DEBUG_FD
environment variable - Use same color for same namespace
- Fix error when running under React Native
- deps: ms@0.7.2
- perf: remove unreachable branch in set-cookie method
1.14.2 / 2016-10-30
- deps: crc@3.4.1
- Fix deprecation warning in Node.js 7.x
- deps: uid-safe@~2.1.3
- deps: base64-url@1.3.3
1.14.1 / 2016-08-24
- Fix not always resetting session max age before session save
- Fix the cookie
sameSite
option to actually alter theSet-Cookie
- deps: uid-safe@~2.1.2
- deps: base64-url@1.3.2
1.14.0 / 2016-07-01
- Correctly inherit from
EventEmitter
class inStore
base class - Fix issue where
Set-Cookie
Expires
was not always updated - Methods are no longer enumerable on
req.session
object - deps: cookie@0.3.1
- Add
sameSite
option - Improve error message when
encode
is not a function - Improve error message when
expires
is not aDate
- perf: enable strict mode
- perf: use for loop in parse
- perf: use string concatination for serialization
- Add
- deps: parseurl@~1.3.1
- perf: enable strict mode
- deps: uid-safe@~2.1.1
- Use
random-bytes
for byte source - deps: base64-url@1.2.2
- Use
- perf: enable strict mode
- perf: remove argument reassignment
1.13.0 / 2016-01-10
- Fix
rolling: true
to not set cookie when no session exists- Better
saveUninitialized: false
+rolling: true
behavior
- Better
- deps: crc@3.4.0
1.12.1 / 2015-10-29
- deps: cookie@0.2.3
- Fix cookie
Max-Age
to never be a floating point number
- Fix cookie
1.12.0 / 2015-10-25
- Support the value
'auto'
in thecookie.secure
option - deps: cookie@0.2.2
- Throw on invalid values provided to
serialize
- Throw on invalid values provided to
- deps: depd@~1.1.0
- Enable strict mode in more places
- Support web browser loading
- deps: on-headers@~1.0.1
- perf: enable strict mode
1.11.3 / 2015-05-22
- deps: cookie@0.1.3
- Slight optimizations
- deps: crc@3.3.0
1.11.2 / 2015-05-10
- deps: debug@~2.2.0
- deps: ms@0.7.1
- deps: uid-safe@~2.0.0
1.11.1 / 2015-04-08
- Fix mutating
options.secret
value
1.11.0 / 2015-04-07
- Support an array in
secret
option for key rotation - deps: depd@~1.0.1
1.10.4 / 2015-03-15
- deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0.7.0
1.10.3 / 2015-02-16
- deps: cookie-signature@1.0.6
- deps: uid-safe@1.1.0
- Use
crypto.randomBytes
, if available - deps: base64-url@1.2.1
- Use
1.10.2 / 2015-01-31
- deps: uid-safe@1.0.3
- Fix error branch that would throw
- deps: base64-url@1.2.0
1.10.1 / 2015-01-08
- deps: uid-safe@1.0.2
- Remove dependency on
mz
- Remove dependency on
1.10.0 / 2015-01-05
- Add
store.touch
interface for session stores - Fix
MemoryStore
expiration withresave: false
- deps: debug@~2.1.1
1.9.3 / 2014-12-02
- Fix error when
req.sessionID
contains a non-string value
1.9.2 / 2014-11-22
- deps: crc@3.2.1
- Minor fixes
1.9.1 / 2014-10-22
- Remove unnecessary empty write call
- Fixes Node.js 0.11.14 behavior change
- Helps work-around Node.js 0.10.1 zlib bug
1.9.0 / 2014-09-16
- deps: debug@~2.1.0
- Implement
DEBUG_FD
env variable support
- Implement
- deps: depd@~1.0.0
1.8.2 / 2014-09-15
- Use
crc
instead ofbuffer-crc32
for speed - deps: depd@0.4.5
1.8.1 / 2014-09-08
- Keep
req.session.save
non-enumerable - Prevent session prototype methods from being overwritten
1.8.0 / 2014-09-07
- Do not resave already-saved session at end of request
- deps: cookie-signature@1.0.5
- deps: debug@~2.0.0
1.7.6 / 2014-08-18
- Fix exception on
res.end(null)
calls
1.7.5 / 2014-08-10
- Fix parsing original URL
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
1.7.4 / 2014-08-05
- Fix response end delay for non-chunked responses
1.7.3 / 2014-08-05
- Fix
res.end
patch to call correct upstreamres.write
1.7.2 / 2014-07-27
- deps: depd@0.4.4
- Work-around v8 generating empty stack traces
1.7.1 / 2014-07-26
- deps: depd@0.4.3
- Fix exception when global
Error.stackTraceLimit
is too low
- Fix exception when global
1.7.0 / 2014-07-22
- Improve session-ending error handling
- Errors are passed to
next(err)
instead ofconsole.error
- Errors are passed to
- deps: debug@1.0.4
- deps: depd@0.4.2
- Add
TRACE_DEPRECATION
environment variable - Remove non-standard grey color from color output
- Support
--no-deprecation
argument - Support
--trace-deprecation
argument
- Add
1.6.5 / 2014-07-11
- Do not require
req.originalUrl
- deps: debug@1.0.3
- Add support for multiple wildcards in namespaces
1.6.4 / 2014-07-07
- Fix blank responses for stores with synchronous operations
1.6.3 / 2014-07-04
- Fix resave deprecation message
1.6.2 / 2014-07-04
- Fix confusing option deprecation messages
1.6.1 / 2014-06-28
- Fix saveUninitialized deprecation message
1.6.0 / 2014-06-28
- Add deprecation message to undefined
resave
option - Add deprecation message to undefined
saveUninitialized
option - Fix
res.end
patch to return correct value - Fix
res.end
patch to handle multipleres.end
calls - Reject cookies with missing signatures
1.5.2 / 2014-06-26
- deps: cookie-signature@1.0.4
- fix for timing attacks
1.5.1 / 2014-06-21
- Move hard-to-track-down
req.secret
deprecation message
1.5.0 / 2014-06-19
- Debug name is now "express-session"
- Deprecate integration with
cookie-parser
middleware - Deprecate looking for secret in
req.secret
- Directly read cookies;
cookie-parser
no longer required - Directly set cookies;
res.cookie
no longer required - Generate session IDs with
uid-safe
, faster and even less collisions
1.4.0 / 2014-06-17
- Add
genid
option to generate custom session IDs - Add
saveUninitialized
option to control saving uninitialized sessions - Add
unset
option to control unsettingreq.session
- Generate session IDs with
rand-token
by default; reduce collisions - deps: buffer-crc32@0.2.3
1.3.1 / 2014-06-14
- Add description in package for npmjs.org listing
1.3.0 / 2014-06-14
- Integrate with express "trust proxy" by default
- deps: debug@1.0.2
1.2.1 / 2014-05-27
- Fix
resave
such thatresave: true
works
1.2.0 / 2014-05-19
- Add
resave
option to control saving unmodified sessions
1.1.0 / 2014-05-12
- Add
name
option; replacement forkey
option - Use
setImmediate
in MemoryStore for node.js >= 0.10
1.0.4 / 2014-04-27
- deps: debug@0.8.1
1.0.3 / 2014-04-19
- Use
res.cookie()
instead ofres.setHeader()
- deps: cookie@0.1.2
1.0.2 / 2014-02-23
- Add missing dependency to
package.json
1.0.1 / 2014-02-15
- Add missing dependencies to
package.json
1.0.0 / 2014-02-15
- Genesis from
connect