- Fix not always resetting session max age before session save
- Fix the cookie
sameSite
option to actually alter theSet-Cookie
- deps: uid-safe@~2.1.2
- deps: base64-url@1.3.2
- Correctly inherit from
EventEmitter
class inStore
base class - Fix issue where
Set-Cookie
Expires
was not always updated - Methods are no longer enumerable on
req.session
object - deps: cookie@0.3.1
- Add
sameSite
option - Improve error message when
encode
is not a function - Improve error message when
expires
is not aDate
- perf: enable strict mode
- perf: use for loop in parse
- perf: use string concatination for serialization
- Add
- deps: parseurl@~1.3.1
- perf: enable strict mode
- deps: uid-safe@~2.1.1
- Use
random-bytes
for byte source - deps: base64-url@1.2.2
- Use
- perf: enable strict mode
- perf: remove argument reassignment
- Fix
rolling: true
to not set cookie when no session exists- Better
saveUninitialized: false
+rolling: true
behavior
- Better
- deps: crc@3.4.0
- deps: cookie@0.2.3
- Fix cookie
Max-Age
to never be a floating point number
- Fix cookie
- Support the value
'auto'
in thecookie.secure
option - deps: cookie@0.2.2
- Throw on invalid values provided to
serialize
- Throw on invalid values provided to
- deps: depd@~1.1.0
- Enable strict mode in more places
- Support web browser loading
- deps: on-headers@~1.0.1
- perf: enable strict mode
- deps: cookie@0.1.3
- Slight optimizations
- deps: crc@3.3.0
- deps: debug@~2.2.0
- deps: ms@0.7.1
- deps: uid-safe@~2.0.0
- Fix mutating
options.secret
value
- Support an array in
secret
option for key rotation - deps: depd@~1.0.1
- deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: ms@0.7.0
- deps: cookie-signature@1.0.6
- deps: uid-safe@1.1.0
- Use
crypto.randomBytes
, if available - deps: base64-url@1.2.1
- Use
- deps: uid-safe@1.0.3
- Fix error branch that would throw
- deps: base64-url@1.2.0
- deps: uid-safe@1.0.2
- Remove dependency on
mz
- Remove dependency on
- Add
store.touch
interface for session stores - Fix
MemoryStore
expiration withresave: false
- deps: debug@~2.1.1
- Fix error when
req.sessionID
contains a non-string value
- deps: crc@3.2.1
- Minor fixes
- Remove unnecessary empty write call
- Fixes Node.js 0.11.14 behavior change
- Helps work-around Node.js 0.10.1 zlib bug
- deps: debug@~2.1.0
- Implement
DEBUG_FD
env variable support
- Implement
- deps: depd@~1.0.0
- Use
crc
instead ofbuffer-crc32
for speed - deps: depd@0.4.5
- Keep
req.session.save
non-enumerable - Prevent session prototype methods from being overwritten
- Do not resave already-saved session at end of request
- deps: cookie-signature@1.0.5
- deps: debug@~2.0.0
- Fix exception on
res.end(null)
calls
- Fix parsing original URL
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
- Fix response end delay for non-chunked responses
- Fix
res.end
patch to call correct upstreamres.write
- deps: depd@0.4.4
- Work-around v8 generating empty stack traces
- deps: depd@0.4.3
- Fix exception when global
Error.stackTraceLimit
is too low
- Fix exception when global
- Improve session-ending error handling
- Errors are passed to
next(err)
instead ofconsole.error
- Errors are passed to
- deps: debug@1.0.4
- deps: depd@0.4.2
- Add
TRACE_DEPRECATION
environment variable - Remove non-standard grey color from color output
- Support
--no-deprecation
argument - Support
--trace-deprecation
argument
- Add
- Do not require
req.originalUrl
- deps: debug@1.0.3
- Add support for multiple wildcards in namespaces
- Fix blank responses for stores with synchronous operations
- Fix resave deprecation message
- Fix confusing option deprecation messages
- Fix saveUninitialized deprecation message
- Add deprecation message to undefined
resave
option - Add deprecation message to undefined
saveUninitialized
option - Fix
res.end
patch to return correct value - Fix
res.end
patch to handle multipleres.end
calls - Reject cookies with missing signatures
- deps: cookie-signature@1.0.4
- fix for timing attacks
- Move hard-to-track-down
req.secret
deprecation message
- Debug name is now "express-session"
- Deprecate integration with
cookie-parser
middleware - Deprecate looking for secret in
req.secret
- Directly read cookies;
cookie-parser
no longer required - Directly set cookies;
res.cookie
no longer required - Generate session IDs with
uid-safe
, faster and even less collisions
- Add
genid
option to generate custom session IDs - Add
saveUninitialized
option to control saving uninitialized sessions - Add
unset
option to control unsettingreq.session
- Generate session IDs with
rand-token
by default; reduce collisions - deps: buffer-crc32@0.2.3
- Add description in package for npmjs.org listing
- Integrate with express "trust proxy" by default
- deps: debug@1.0.2
- Fix
resave
such thatresave: true
works
- Add
resave
option to control saving unmodified sessions
- Add
name
option; replacement forkey
option - Use
setImmediate
in MemoryStore for node.js >= 0.10
- deps: debug@0.8.1
- Use
res.cookie()
instead ofres.setHeader()
- deps: cookie@0.1.2
- Add missing dependency to
package.json
- Add missing dependencies to
package.json
- Genesis from
connect