4 * Fix internal method wrapping error on failed reloads
10 - Add `SameSite=None` support
11 * deps: safe-buffer@5.2.0
16 * Fix restoring `cookie.originalMaxAge` when store returns `Date`
17 * deps: parseurl@~1.3.3
22 * Fix error passing `data` option to `Cookie` constructor
23 * Fix uncaught error from bad session data
28 * Catch invalid `cookie.maxAge` value earlier
29 * Deprecate setting `cookie.maxAge` to a `Date` object
30 * Fix issue where `resave: false` may not save altered sessions
31 * Remove `utils-merge` dependency
32 * Use `safe-buffer` for improved Buffer API
33 * Use `Set-Cookie` as cookie header name for compatibility
35 - Replace internal `eval` usage with `Function` constructor
36 - Use instance methods on `process` to check for listeners
37 - perf: remove argument reassignment
38 * deps: on-headers@~1.0.2
39 - Fix `res.writeHead` patch missing return value
45 * deps: parseurl@~1.3.2
46 - perf: reduce overhead for full URLs
47 - perf: unroll the "fast-path" `RegExp`
48 * deps: uid-safe@~2.1.5
49 - perf: remove only trailing `=`
50 * deps: utils-merge@1.0.1
55 * Fix `TypeError` when `req.url` is an empty string
57 - Remove unnecessary `Buffer` loading
74 - Fix `DEBUG_MAX_ARRAY_LENGTH`
75 * deps: uid-safe@~2.1.4
76 - Remove `base64-url` dependency
82 - Fix deprecation messages in WebStorm and other editors
83 - Undeprecate `DEBUG_FD` set to `1` or `2`
88 * Fix detecting modified session when session contains "cookie" property
89 * Fix resaving already-saved reloaded session at end of request
91 - perf: use `Buffer.from` when available
93 - Allow colors in workers
94 - Deprecated `DEBUG_FD` environment variable
95 - Use same color for same namespace
96 - Fix error when running under React Native
98 * perf: remove unreachable branch in set-cookie method
104 - Fix deprecation warning in Node.js 7.x
105 * deps: uid-safe@~2.1.3
106 - deps: base64-url@1.3.3
111 * Fix not always resetting session max age before session save
112 * Fix the cookie `sameSite` option to actually alter the `Set-Cookie`
113 * deps: uid-safe@~2.1.2
114 - deps: base64-url@1.3.2
119 * Correctly inherit from `EventEmitter` class in `Store` base class
120 * Fix issue where `Set-Cookie` `Expires` was not always updated
121 * Methods are no longer enumerable on `req.session` object
123 - Add `sameSite` option
124 - Improve error message when `encode` is not a function
125 - Improve error message when `expires` is not a `Date`
126 - perf: enable strict mode
127 - perf: use for loop in parse
128 - perf: use string concatination for serialization
129 * deps: parseurl@~1.3.1
130 - perf: enable strict mode
131 * deps: uid-safe@~2.1.1
132 - Use `random-bytes` for byte source
133 - deps: base64-url@1.2.2
134 * perf: enable strict mode
135 * perf: remove argument reassignment
140 * Fix `rolling: true` to not set cookie when no session exists
141 - Better `saveUninitialized: false` + `rolling: true` behavior
148 - Fix cookie `Max-Age` to never be a floating point number
153 * Support the value `'auto'` in the `cookie.secure` option
155 - Throw on invalid values provided to `serialize`
157 - Enable strict mode in more places
158 - Support web browser loading
159 * deps: on-headers@~1.0.1
160 - perf: enable strict mode
166 - Slight optimizations
174 * deps: uid-safe@~2.0.0
179 * Fix mutating `options.secret` value
184 * Support an array in `secret` option for key rotation
191 - Fix high intensity foreground color for bold
197 * deps: cookie-signature@1.0.6
198 * deps: uid-safe@1.1.0
199 - Use `crypto.randomBytes`, if available
200 - deps: base64-url@1.2.1
205 * deps: uid-safe@1.0.3
206 - Fix error branch that would throw
207 - deps: base64-url@1.2.0
212 * deps: uid-safe@1.0.2
213 - Remove dependency on `mz`
218 * Add `store.touch` interface for session stores
219 * Fix `MemoryStore` expiration with `resave: false`
225 * Fix error when `req.sessionID` contains a non-string value
236 * Remove unnecessary empty write call
237 - Fixes Node.js 0.11.14 behavior change
238 - Helps work-around Node.js 0.10.1 zlib bug
244 - Implement `DEBUG_FD` env variable support
250 * Use `crc` instead of `buffer-crc32` for speed
256 * Keep `req.session.save` non-enumerable
257 * Prevent session prototype methods from being overwritten
262 * Do not resave already-saved session at end of request
263 * deps: cookie-signature@1.0.5
269 * Fix exception on `res.end(null)` calls
274 * Fix parsing original URL
275 * deps: on-headers@~1.0.0
276 * deps: parseurl@~1.3.0
281 * Fix response end delay for non-chunked responses
286 * Fix `res.end` patch to call correct upstream `res.write`
292 - Work-around v8 generating empty stack traces
298 - Fix exception when global `Error.stackTraceLimit` is too low
303 * Improve session-ending error handling
304 - Errors are passed to `next(err)` instead of `console.error`
307 - Add `TRACE_DEPRECATION` environment variable
308 - Remove non-standard grey color from color output
309 - Support `--no-deprecation` argument
310 - Support `--trace-deprecation` argument
315 * Do not require `req.originalUrl`
317 - Add support for multiple wildcards in namespaces
322 * Fix blank responses for stores with synchronous operations
327 * Fix resave deprecation message
332 * Fix confusing option deprecation messages
337 * Fix saveUninitialized deprecation message
342 * Add deprecation message to undefined `resave` option
343 * Add deprecation message to undefined `saveUninitialized` option
344 * Fix `res.end` patch to return correct value
345 * Fix `res.end` patch to handle multiple `res.end` calls
346 * Reject cookies with missing signatures
351 * deps: cookie-signature@1.0.4
352 - fix for timing attacks
357 * Move hard-to-track-down `req.secret` deprecation message
362 * Debug name is now "express-session"
363 * Deprecate integration with `cookie-parser` middleware
364 * Deprecate looking for secret in `req.secret`
365 * Directly read cookies; `cookie-parser` no longer required
366 * Directly set cookies; `res.cookie` no longer required
367 * Generate session IDs with `uid-safe`, faster and even less collisions
372 * Add `genid` option to generate custom session IDs
373 * Add `saveUninitialized` option to control saving uninitialized sessions
374 * Add `unset` option to control unsetting `req.session`
375 * Generate session IDs with `rand-token` by default; reduce collisions
376 * deps: buffer-crc32@0.2.3
381 * Add description in package for npmjs.org listing
386 * Integrate with express "trust proxy" by default
392 * Fix `resave` such that `resave: true` works
397 * Add `resave` option to control saving unmodified sessions
402 * Add `name` option; replacement for `key` option
403 * Use `setImmediate` in MemoryStore for node.js >= 0.10
413 * Use `res.cookie()` instead of `res.setHeader()`
419 * Add missing dependency to `package.json`
424 * Add missing dependencies to `package.json`
429 * Genesis from `connect`