v10.0.0

Notable Changes

Express-Session Compatibility

It increase the compatibility of @fastify/session by allowing using input of cookiePrefix #113, preventing sessionId #129 and encryptedSessionId #134 to be stored in session store, etc.

Thanks to the great work of @rclmenezes and @Uzlopak

Performance

Performance of id generation #123 has been improved 25% - 30%. Thanks to @Uzlopak works.

Security

The verification of cookie path #169 is changed to match the RFC specification.
It stricter than before and avoid the wrong cookie slap in.
For exmaple, cookie path /docs with request path /docs-oh-no

Refactor on code

The structure of code-base has been reorganized and the files do not scattered on top-level folder anymore.
It greatly improve the readability of the modules.

What's Changed

• feat: Update benchmark. by @ShogunPanda in #91
• ci: migrate to fastify reusable workflow by @Fdawgs in #90
• build(deps-dev): bump fastify-cookie from 5.6.1 to 5.7.0 by @dependabot in #92
• docs(readme): remove snyk badge by @Fdawgs in #93
• chore(.gitignore): use updated skeleton template by @Fdawgs in #96
• build(deps-dev): bump @types/node from 17.0.45 to 18.0.0 by @dependabot in #97
• build(deps-dev): bump tsd from 0.20.0 to 0.21.0 by @dependabot in #98
• build(deps-dev): bump tsd from 0.21.0 to 0.22.0 by @dependabot in #102
• style(types/types.test-d.ts): explicitly declare semicolon by @Fdawgs in #103
• refactor: use optional chaining by @Fdawgs in #104
• build(deps): bump fastify-plugin from 3.0.1 to 4.0.0 by @dependabot in #105
• remove metadata.js by @Uzlopak in #107
• separate lint from npm test script, activate lint and license-check in ci pipeline by @Uzlopak in #108
• refactor unit tests, replace ava with tap, remove undici and typescript as devDependencies by @Uzlopak in #109
• move benchmark to corresponding folder, slim it down by @Uzlopak in #110
• tap should only run test.js files by @Uzlopak in #115
• Clean up tests by @rclmenezes in #117
• Add missing documentation for README.md by @rclmenezes in #116
• Simplify shouldSaveSession code a little bit by @rclmenezes in #119
• Move expires from session to session.cookies by @rclmenezes in #120
• refactor store to es6 class by @Uzlopak in #122
• simplify callback typing by @Uzlopak in #124
• Add cookiePrefix as an option to allow for compatibility with express-session by @rclmenezes in #113
• perf: improve idgenerator (about 25-30 % faster) by @Uzlopak in #123
• chore: remove addDataToSession by @Uzlopak in #127
• add autocannon example by @Uzlopak in #128
• feat: use @fastify/cookie-signer-logic for signing and unsigning by @Uzlopak in #129
• move signer require into ensureDefaults by @Uzlopak in #130
• fix unit test by @Uzlopak in #132
• fix lgtm alert by @Uzlopak in #133
• Remove session id round 4 by @rclmenezes in #134
• simplify getExpires, export getExpires from cookie by @Uzlopak in #135
• remove internal used session restore() function by @Uzlopak in #136
• Revert "refactor store to es6 class" by @Uzlopak in #138
• remove sinon as dev dependency by @Uzlopak in #139
• add redis example by @Uzlopak in #142
• add pre-commit by @Uzlopak in #145
• add unit test for maxAge by @Uzlopak in #144
• create a separate unit test file for memorystore by @Uzlopak in #150
• rename secret.test.js to fastifySession.checkOptions.test.js and refactor it by @Uzlopak in #151
• prevent encryptedSessionId from being stored in the sessionStore by @Uzlopak in #143
• use maxAge over expires by @Uzlopak in #152
• build(deps-dev): bump tsd from 0.22.0 to 0.23.0 by @dependabot in #153
• Resave session cookie if saveUninitialized is false and rolling is true by @rclmenezes in #149
• rename session to fastifySession by @Uzlopak in #160
• Make it possible to call save() in decryptSession by @Uzlopak in #161
• Implement originalMaxAge by @Uzlopak in #162
• Remove deprecation notice for fastify-Instance decryptSession by @shrihari-prakash in #164
• add typings for decryptSession by @Uzlopak in #165
• simplify cookie handling by @Uzlopak in #166
• minor cosmetic change by @Uzlopak in #167
• ensure that secure false is not overwritten by null by @Uzlopak in #168
• security: verify path of cookie/session by @Uzlopak in #169

New Contributors

• @ShogunPanda made their first contribution in #91
• @Uzlopak made their first contribution in #107
• @rclmenezes made their first contribution in #117
• @shrihari-prakash made their first contribution in #164

Full Changelog: v9.0.0...v10.0.0

v9.0.0

What's Changed

• build(deps-dev): bump sinon from 13.0.2 to 14.0.0 by @dependabot in #88
• update to Fastify v4 by @mcollina in #89

New Contributors

• @mcollina made their first contribution in #89

Full Changelog: v8.2.0...v9.0.0

v8.2.0

What's Changed

• build(deps-dev): bump undici from 4.16.0 to 5.0.0 by @dependabot in #82
• build(deps): bump actions/checkout from 2 to 3 by @dependabot in #81
• feat: add support for handling previously-signed cookies by @wilkmaia in #86
• build(deps-dev): bump standard from 16.0.4 to 17.0.0 by @dependabot in #87

New Contributors

• @wilkmaia made their first contribution in #86

Full Changelog: v8.1.0...v8.2.0

v8.1.0

What's Changed

• build(deps-dev): bump tsd from 0.19.1 to 0.20.0 by @dependabot in #83
• chore: add "benchmark" by @SimenB in #84
• feat: remove stale cookies by @SimenB in #79
• feat: only save session to storage when it changes by @SimenB in #80

Full Changelog: v8.0.0...v8.1.0

v8.0.0

What's Changed

• feat: add destroy, save and reload to session instance by @SimenB in #77
• feat: Promise API by @SimenB in #78

Full Changelog: v7.0.0...v8.0.0

v7.0.0

Breaking Changes

• Drop Node 10 Support
• Change function argument of Session#regenerate

What's Changed

• fix: remove request argument from Session#regenerate by @SimenB in #75

Full Changelog: v6.5.1...v7.0.0

v6.5.2

This release revert the breaking changes that should not be included.

What's Changed

• Revert "major: drop node 10 and ava update (#65)" (#76) by @climba03003 in #76

Full Changelog: v6.5.1...v6.5.2

v6.5.1

DO NOT USE THIS VERSION, IT CONTAIN BREAKING CHANGES

What's Changed

• major: drop node 10 and ava update by @ramonmulia in #65
• feat: replace got by undici by @zekth in #67
• fix: regex limitation by @zekth in #68
• fix(types): error is optional, and session data always exists by @SimenB in #74

New Contributors

• @ramonmulia made their first contribution in #65

Full Changelog: v6.5.0...v6.5.1

v6.5.0

What's Changed

• build: reduce dependabot update frequency by @Fdawgs in #57
• build(deps): bump fastify/github-action-merge-dependabot from 2.7.1 to 3 by @Fdawgs in #59
• build(deps): bump actions/setup-node from 2 to 3 by @dependabot in #60
• Docs: typescript issues with some express-session compatible stores by @lokshunhung in #40
• fix (types): fix callbacks types and ensure compatibility with express-session stores by @darkgl0w in #61
• idGenerator request object (#62) by @Legolaszstudio in #64

New Contributors

• @darkgl0w made their first contribution in #61
• @Legolaszstudio made their first contribution in #64

Full Changelog: v6.4.0...v6.5.0

v6.4.0

What's Changed

• feat: session cookie opts by @zbo14 in #53

New Contributors

• @zbo14 made their first contribution in #53

Full Changelog: v6.3.0...v6.4.0