3.0.1

This release fixes an issue that prevented effective lazy-loading of the
session object. Specifically, crypto functionality was being started at
each request dispatch, while it is not needed every time.

Total issues resolved: 2

• 63: Signature validation is never delayed thanks to @lcobucci
• 64: Delay signature verification properly thanks to @lcobucci

3.0.0

3.0.0

This release contains new test, support for PHP 7.1 and a small backwards compatibility break with previous releases.

• Namespace moved from PSR7Session to PSR7Sessions\Storageless

Total issues resolved: 2

• 49: Fix bad tests caught by mutation testing
• 55: Move repository to organization

2.0.0

2.0.0

This release contains backwards compatibility breaks with previous releases.

• PSR7Session\Http\SessionMiddleware has a new mandatory parameter on its
  constructor: PSR7Session\Time\CurrentTimeProviderInterface.
• It has been introduced to make the dependency on current time explicit and
  to be able to avoid false positive in unit testing, as well as allowing to
  generate sessions with specific validity time-frames.
• Factory methods PSR7Session::fromSymmetricKeyDefaults and PSR7Session::fromAsymmetricKeyDefaults
  continue to work and they're no affected.
• Using PSR7Session\Http\SessionMiddleware constructor, it's needed to upgrade
  introducing an instance of \PSR7Session\Time\SystemCurrentTime().
• When using PSR7Session\Http\SessionMiddleware::fromSymmetricKeyDefaults()
  and PSR7Session\Http\SessionMiddleware::fromAsymmetricKeyDefaults(), the
  produced session cookie will now have a path=/ by default.

Total issues resolved: 5

• 20: Make the dependency on time explicit
• 31: Added comment for private modifier for __construct()
• 42: Disabling phpcs for scrutinizer-ci runs
• 46: Sane default for cookie path
• 44: Scrutinizer: external coverage support
• 50: Make the dependency on time explicit

1.0.2

Total issues resolved: 6

• 34: Signing key in the README doesn't have enough entropy
• 36: Added recommendation to use a CryptoKey
• 37: travis: upload coverage
• 38: Add mention about cookie replay to limitations.md
• 39: Add note about cookies as suggested by @timoh6
• 45: Correcting return type of SessionInterface#get(), which may also return a bool

1.0.1

Total issues resolved: 4

• 26: Is this suitable for running over multiple HTTP request cycles?
• 27: Added multiple dispatch cycles information to README
• 32: remove 'new' keyword in front of \PSR7Session\Http\SessionMiddleware::fromSymmetricKeyDefaults in README
• 33: Adding .gitattributes to the repository - avoiding installation of potentially harmful paths

1.0.0

Total issues resolved: 15

• 1: Fix the data getter
• 2: Implementation rewrite
• 3: Fix typo
• 4: Cleanup/test proof of concept (with advanced cookie header support)
• 5: Re-generate token only on data changes or after a certain amount of lifetime
• 6: Expire the session cookie if there previously is one (with valid token), but the data container is empty
• 7: Travis/Scrutinizer-CI
• 10: Reorganizing middleware tests
• 11: #5 Feature: regenerate token on container mutation
• 12: Make the session container lazy by default
• 13: #12 Feature - lazy sessions
• 14: #5 - Handling the expiration refresh
• 16: Correcting interaction of lazy sessions with the cookie refresh logic
• 17: Documenting config/limitations/contributing
• 19: Using lcobucci/jwt v3.1 features