- Catch invalid
cookie.maxAge
value earlier - Deprecate setting
cookie.maxAge
to aDate
object - Fix issue where
resave: false
may not save altered sessions - Remove
utils-merge
dependency - Use
safe-buffer
for improved Buffer API - Use
Set-Cookie
as cookie header name for compatibility - deps: depd@~2.0.0
- Replace internal
eval
usage withFunction
constructor - Use instance methods on
process
to check for listeners - perf: remove argument reassignment
- Replace internal
- deps: [email protected]
- deps: parseurl@~1.3.2
- perf: reduce overhead for full URLs
- perf: unroll the "fast-path"
RegExp
- deps: uid-safe@~2.1.5
- perf: remove only trailing
=
- perf: remove only trailing
- deps: [email protected]
- Fix
TypeError
whenreq.url
is an empty string - deps: depd@~1.1.1
- Remove unnecessary
Buffer
loading
- Remove unnecessary
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- Fix
DEBUG_MAX_ARRAY_LENGTH
- Fix
- deps: uid-safe@~2.1.4
- Remove
base64-url
dependency
- Remove
- deps: [email protected]
- Fix deprecation messages in WebStorm and other editors
- Undeprecate
DEBUG_FD
set to1
or2
- Fix detecting modified session when session contains "cookie" property
- Fix resaving already-saved reloaded session at end of request
- deps: [email protected]
- perf: use
Buffer.from
when available
- perf: use
- deps: [email protected]
- Allow colors in workers
- Deprecated
DEBUG_FD
environment variable - Use same color for same namespace
- Fix error when running under React Native
- deps: [email protected]
- perf: remove unreachable branch in set-cookie method
- deps: [email protected]
- Fix deprecation warning in Node.js 7.x
- deps: uid-safe@~2.1.3
- deps: [email protected]
- Fix not always resetting session max age before session save
- Fix the cookie
sameSite
option to actually alter theSet-Cookie
- deps: uid-safe@~2.1.2
- deps: [email protected]
- Correctly inherit from
EventEmitter
class inStore
base class - Fix issue where
Set-Cookie
Expires
was not always updated - Methods are no longer enumerable on
req.session
object - deps: [email protected]
- Add
sameSite
option - Improve error message when
encode
is not a function - Improve error message when
expires
is not aDate
- perf: enable strict mode
- perf: use for loop in parse
- perf: use string concatination for serialization
- Add
- deps: parseurl@~1.3.1
- perf: enable strict mode
- deps: uid-safe@~2.1.1
- Use
random-bytes
for byte source - deps: [email protected]
- Use
- perf: enable strict mode
- perf: remove argument reassignment
- Fix
rolling: true
to not set cookie when no session exists- Better
saveUninitialized: false
+rolling: true
behavior
- Better
- deps: [email protected]
- deps: [email protected]
- Fix cookie
Max-Age
to never be a floating point number
- Fix cookie
- Support the value
'auto'
in thecookie.secure
option - deps: [email protected]
- Throw on invalid values provided to
serialize
- Throw on invalid values provided to
- deps: depd@~1.1.0
- Enable strict mode in more places
- Support web browser loading
- deps: on-headers@~1.0.1
- perf: enable strict mode
- deps: [email protected]
- Slight optimizations
- deps: [email protected]
- deps: debug@~2.2.0
- deps: [email protected]
- deps: uid-safe@~2.0.0
- Fix mutating
options.secret
value
- Support an array in
secret
option for key rotation - deps: depd@~1.0.1
- deps: debug@~2.1.3
- Fix high intensity foreground color for bold
- deps: [email protected]
- deps: [email protected]
- deps: [email protected]
- Use
crypto.randomBytes
, if available - deps: [email protected]
- Use
- deps: [email protected]
- Fix error branch that would throw
- deps: [email protected]
- deps: [email protected]
- Remove dependency on
mz
- Remove dependency on
- Add
store.touch
interface for session stores - Fix
MemoryStore
expiration withresave: false
- deps: debug@~2.1.1
- Fix error when
req.sessionID
contains a non-string value
- deps: [email protected]
- Minor fixes
- Remove unnecessary empty write call
- Fixes Node.js 0.11.14 behavior change
- Helps work-around Node.js 0.10.1 zlib bug
- deps: debug@~2.1.0
- Implement
DEBUG_FD
env variable support
- Implement
- deps: depd@~1.0.0
- Use
crc
instead ofbuffer-crc32
for speed - deps: [email protected]
- Keep
req.session.save
non-enumerable - Prevent session prototype methods from being overwritten
- Do not resave already-saved session at end of request
- deps: [email protected]
- deps: debug@~2.0.0
- Fix exception on
res.end(null)
calls
- Fix parsing original URL
- deps: on-headers@~1.0.0
- deps: parseurl@~1.3.0
- Fix response end delay for non-chunked responses
- Fix
res.end
patch to call correct upstreamres.write
- deps: [email protected]
- Work-around v8 generating empty stack traces
- deps: [email protected]
- Fix exception when global
Error.stackTraceLimit
is too low
- Fix exception when global
- Improve session-ending error handling
- Errors are passed to
next(err)
instead ofconsole.error
- Errors are passed to
- deps: [email protected]
- deps: [email protected]
- Add
TRACE_DEPRECATION
environment variable - Remove non-standard grey color from color output
- Support
--no-deprecation
argument - Support
--trace-deprecation
argument
- Add
- Do not require
req.originalUrl
- deps: [email protected]
- Add support for multiple wildcards in namespaces
- Fix blank responses for stores with synchronous operations
- Fix resave deprecation message
- Fix confusing option deprecation messages
- Fix saveUninitialized deprecation message
- Add deprecation message to undefined
resave
option - Add deprecation message to undefined
saveUninitialized
option - Fix
res.end
patch to return correct value - Fix
res.end
patch to handle multipleres.end
calls - Reject cookies with missing signatures
- deps: [email protected]
- fix for timing attacks
- Move hard-to-track-down
req.secret
deprecation message
- Debug name is now "express-session"
- Deprecate integration with
cookie-parser
middleware - Deprecate looking for secret in
req.secret
- Directly read cookies;
cookie-parser
no longer required - Directly set cookies;
res.cookie
no longer required - Generate session IDs with
uid-safe
, faster and even less collisions
- Add
genid
option to generate custom session IDs - Add
saveUninitialized
option to control saving uninitialized sessions - Add
unset
option to control unsettingreq.session
- Generate session IDs with
rand-token
by default; reduce collisions - deps: [email protected]
- Add description in package for npmjs.org listing
- Integrate with express "trust proxy" by default
- deps: [email protected]
- Fix
resave
such thatresave: true
works
- Add
resave
option to control saving unmodified sessions
- Add
name
option; replacement forkey
option - Use
setImmediate
in MemoryStore for node.js >= 0.10
- deps: [email protected]
- Use
res.cookie()
instead ofres.setHeader()
- deps: [email protected]
- Add missing dependency to
package.json
- Add missing dependencies to
package.json
- Genesis from
connect