Skip to content

9.0.0

Compare
Choose a tag to compare
@github-actions github-actions released this 25 Jul 13:36
· 255 commits to 9.3.x since this release
9.0.0
3ce8459

Release Notes for 9.0.0

This release moves the \PSR7Sessions\Storageless\Http\SessionMiddleware constructor parameters into a more robust and easy-to-use \PSR7Sessions\Storageless\Http\Configuration object with the following API:

use Dflydev\FigCookies\SetCookie;
use Lcobucci\Clock\Clock;
use Lcobucci\JWT\Configuration as JwtConfig;
use PSR7Sessions\Storageless\Http\ClientFingerprint\Configuration as FingerprintConfig;

/** @immutable */
final class \PSR7Sessions\Storageless\Http\Configuration
{
    public function __construct(JwtConfig $jwtConfiguration);

    public function withJwtConfiguration(JwtConfig $jwtConfiguration): self;
    public function withClock(Clock $clock): self;
    public function withCookie(SetCookie $cookie): self;
    /** @param positive-int $idleTimeout */
    public function withIdleTimeout(int $idleTimeout): self;
    /** @param positive-int $refreshTime */
    public function withRefreshTime(int $refreshTime): self;
    /** @param literal-string $sessionAttribute */
    public function withSessionAttribute(string $sessionAttribute): self;
    public function withClientFingerprintConfiguration(FingerprintConfig $clientFingerprintConfiguration): self;
}

Active sessions issued with v8 are compatible with the new v9: the changes are at the API level only.

A new configuration has been added to mitigate session hijacking attacks, see the documentation at https://github.com/psr7-sessions/storageless/tree/9.0.x#session-hijacking-mitigation

This is a major release and breaks backwards compatibility.

Specifically, following changes are relevant:

[BC] REMOVED: Constant PSR7Sessions\Storageless\Http\SessionMiddleware::DEFAULT_COOKIE was removed
[BC] REMOVED: Constant PSR7Sessions\Storageless\Http\SessionMiddleware::DEFAULT_REFRESH_TIME was removed
[BC] REMOVED: Method PSR7Sessions\Storageless\Http\SessionMiddleware::fromSymmetricKeyDefaults() was removed
[BC] REMOVED: Method PSR7Sessions\Storageless\Http\SessionMiddleware::fromRsaAsymmetricKeyDefaults() was removed
[BC] REMOVED: Method PSR7Sessions\Storageless\Http\SessionMiddleware::buildDefaultCookie() was removed
[BC] CHANGED: The parameter $configuration of PSR7Sessions\Storageless\Http\SessionMiddleware#__construct() changed from Lcobucci\JWT\Configuration to a non-contravariant PSR7Sessions\Storageless\Http\Configuration

9.0.0

  • Total issues resolved: 0
  • Total pull requests resolved: 6
  • Total contributors: 1

bug

enhancement

documentation

BC break,enhancement