Releases: maxcountryman/tower-sessions
v0.5.0
What's Changed
Breaking Changes
- Use a default session name of "id" to avoid fingerprinting, as per https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#session-id-name-fingerprinting.
Note that applications using the old default, "tower.sid", may continue to do so without disruption by specifying with_name("tower.sid").
Full Changelog: v0.4.3...v0.5.0
v0.4.3
Important Security Fix
If your application uses MokaStore or MemoryStore, please update immediately to ensure proper server-side handling of expired sessions.
What's Changed
- Make HttpOnly configurable by @DominicWrege in #81
- Ensure memory and Moka store persist expiry. #82
New Contributors
- @DominicWrege made their first contribution in #81
Full Changelog: v0.4.2...v0.4.3
v0.4.2
What's Changed
- Provide tracing instrumentation. #72
- Ensure non-negative max-age. #79
Full Changelog: v0.4.1...v0.4.2
v0.4.1
What's Changed
- Fix lifecycle state persisting in stores when it should not. #71
Full Changelog: v0.4.0...v0.4.1
v0.4.0
What's Changed
Breaking Changes
- Sessions are serialized and deserialized from stores directly and SessionRecord is removed.
- Expiration time has been replaced with an expiry type. #60
- Drop session-prefix from session types. #62
- The session modified method is renamed to is_modified.
- Session active semantic is now defined by stores and the active method removed. #65 and #69
- Service now contains session configuration and CookieConfig is removed. #67
- Deletion task is now provided via the deletion-task feature flag. #70
Full Changelog: v0.3.3...v0.4.0
v0.3.3
What's Changed
- Ensure loaded sessions are removed whenever they can be; do not couple removal with session saving.
Full Changelog: v0.3.2...v0.3.3
v0.3.2
What's Changed
- Implement reference-counted garbage collection for loaded sessions. #52
- Make SessionId's UUID public. #53
Full Changelog: v0.3.0...v0.3.2
v0.3.1
What's Changed
- Use DashMap entry API to address data race introduced by dashmap. #41
Full Changelog: v0.3.0...v0.3.1
v0.3.0
What's Changed
Breaking Changes
- tokio feature flag is now tokio-rt.
- Session IDs are returned as references now.
Other Changes
- Update fred to 7.0.0.
- Track loaded sessions to enable concurrent access. #37
Full Changelog: v0.2.4...v0.3.0