Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
bunkerweb/deps/src/lua-resty-session/Changes.md
bunkerity a9f886804a bunkerweb 1.4.0
2022-06-03 17:24:14 +02:00

13 KiB
Raw Blame History

Changelog

All notable changes to lua-resty-session will be documented in this file.

[3.10] - 2022-01-14

Fixed

  • 3.9 introduced an issue where calling session:regenerate with flush=true, didn't really flush if the session strategy was regenerate.

[3.9] - 2022-01-14

Fixed

  • Fix #138 issue of chunked cookies are not expired when session shrinks, thanks @alexdowad.
  • Fix #134 where regenerate strategy destroyed previous session when calling session:regenerate, it should just ttl the old session.

Added

  • AES GCM mode support was added to AES cipher. This is recommended, but for backward compatibility it was not set as default. It will be changed in 4.0 release.
  • Redis ACL authentication is now available.
    • Add session_redis_username
    • Add session_redis_password
    • Deprecate session_redis_auth; use session_redis_password

Changed

  • Optimize Redis and Memcache storage adapters to not connect to database when not needed.

[3.8] - 2021-01-04

Added

  • Connection options are now passed to redis cluster client as well.

[3.7] - 2020-10-27

Fixed

  • Fix #107 where session.start could release a lock for a short period

Added

  • Add keep_lock argument to session.open
  • Add pluggable compressors, and implement none and zlib compressor

[3.6] - 2020-06-24

Fixed

  • Fix session:hide() to only send a single Cookie header at most as reported by @jharriman who also provided a fix with #103. Thank you!

[3.5] - 2020-05-22

Fixed

  • Fix session:hide() to not clear non-session request cookies that it seemed to do in some cases as reported by @altexy who also provided initial fix with #100. Thank you!

[3.4] - 2020-05-08

Fixed

  • Fix session_cookie_maxsize - error attempt to compare string with number, fixes #98, thank you @vavra5

Changed

  • More robust and uniform configuration parsing

[3.3] - 2020-05-06

Fixed

  • Fix set_timeouts is only called if all parameters are available, should fix #96, thank you @notdodo.

Added

  • Add $session_memcache_connect_timeout configuration option
  • Add $session_memcache_read_timeout configuration option
  • Add $session_memcache_send_timeout configuration option
  • Add $session_memcache_pool_name configuration option
  • Add $session_memcache_pool_backlog configuration option
  • Add $session_dshm_connect_timeout configuration option
  • Add $session_dshm_read_timeout configuration option
  • Add $session_dshm_send_timeout configuration option
  • Add $session_dshm_pool_name configuration option
  • Add $session_dshm_pool_backlog configuration option

[3.2] - 2020-04-30

Added

  • Support for Redis clusters
  • Add $session_redis_connect_timeout configuration option
  • Add $session_redis_read_timeout configuration option
  • Add $session_redis_send_timeout configuration option
  • Add $session_redis_pool_name configuration option
  • Add $session_redis_pool_backlog configuration option
  • Add $session_redis_cluster_name configuration option
  • Add $session_redis_cluster_dict configuration option
  • Add $session_redis_cluster_maxredirections configuration option
  • Add $session_redis_cluster_nodes configuration option

[3.1] - 2020-03-28

Added

  • A more flexible way to specify custom implementations: require "resty.session".new { storage = require "my.storage" }

[3.0] - 2020-03-27

Fixed

  • Lock releasing is a lot more robust now

Added

Changed

  • The whole codebase was refactored and simplified, especially implementing new storage adapters is now a lot easier
  • Redis and Memcached spinlockwait was changed from microseconds to milliseconds and default is set to 150 milliseconds,
  • Redis and Memcache will only release locks that current session instance holds
  • DSHM session_dshm_store was renamed to session_dshm_region
  • BASE64 encoding now strips the padding

[2.26] - 2020-02-11

Added

  • Add support for SameSite=None (#83) (thanks @bodewig)
  • Style changes (#77) (thanks @Tieske)

[2.25] - 2019-11-06

Added

  • Add SSL support for the Redis storage option (#75) (thanks @tieske)
  • DSHM storage adapter (a distributed SHM storage based on Hazelcast for Nginx) (thanks @grrolland)

[2.24] - 2019-07-09

Fixed

  • Avoid use unix socket and redis password with empty string
  • Provide session id when closing, otherwise the lock is not deleted

Added

  • Added a configuration for session cookie max size (session.cookie.maxsize)

[2.23] - 2018-12-12

Added

  • Added pluggable strategies with default and a new regenerate strategy
  • Added pluggable hmacs
  • Added session.close
  • Added ttl to storages
  • Added session.cookie.discard, a ttl how long to keep old sessions when renewing (used by regenerate strategy

[2.22] - 2018-03-17

Fixed

  • Only sets self.cookie.secure if not defined.

[2.21] - 2018-03-16

Screwed

  • Forgot to bump version number.

[2.20] - 2018-03-16

Fixed

[2.19] - 2017-09-19

Fixed

  • Fixes small bug where aes could generate invalid salt on invalid input that further crashes Lua with error: bad argument #2 to 'salt' (number expected, got no value)

[2.18] - 2017-07-10

Fixed

[2.17] - 2017-06-12

Added

  • Added session.hide() function to hide session cookies from upstream on reverse proxy scenarios.

[2.16] - 2017-05-31

Changed

  • Delays setting the defaults until needed, allowing users to safely require "resty.session" in different contexts.

[2.15] - 2017-02-13

Added

[2.14] - 2016-12-16

Fixed

  • Lua code configuration parsing corrections (especially on boolean options).

Added

[2.13] - 2016-11-21

Changed

  • On start we do send cookie now also if the settings have changed and the cookie expiry time needs to be reduced.

Fixed

  • Memcache storage adapter had a missing ngx.null.

[2.12] - 2016-11-21

Added

  • Implemented pluggable session identifier generators.
  • Implemented random session idenfier generator.

Changed

  • Now checks if headers were already sent before trying to set the cookie headers.
  • SSL session identifier is not checked by default anymore.
  • Lua session.identifier.length changed to session.random.length.
  • Nginx $session_identifier_length changed to $session_random_length.

[2.11] - 2016-09-30

Changed

  • Just another OPM release to correct the name.

[2.10] - 2016-09-29

Added

  • Support for the official OpenResty package manager (opm).

Changed

  • Changed the change log format to keep-a-changelog.

[2.9] - 2016-09-01

Fixed

[2.8] - 2016-07-05

Fixed

[2.7] - 2016-05-18

Added

[2.6] - 2016-04-18

Changed

  • Just cleanups and changed _VERSION to point correct version.

[2.5] - 2016-04-18

Fixed

  • session.save close argument was not defaulting to true.

[2.4] - 2016-04-17

Added

  • Cookie will now have SameSite attribute set as "Lax" by default. You can turn it off or set to "Strict" by configuration.

Changed

[2.3] - 2015-10-16

Fixed

[2.2] - 2015-09-17

Changed

Added

  • Added documentation about removed features and corrected about session secret size accordingly.

[2.1] - 2015-09-07

Added

  • Added architecture for Cipher adapter plugins. See Also: https://github.com/bungle/lua-resty-session/issues/16 Thanks @mingfang
  • Implemented AES cipher adapter (just like it was before)
  • Implemented None cipher adapter (no encryption)
  • Added documentation about pluggable ciphers

Changed

  • Changed JSON serializer to use cjson.safe instead

[2.0] - 2015-08-31

Added

  • Added architecture for Storage adapter plugins. See Also: https://github.com/bungle/lua-resty-session/issues/13
  • Implemented Client Side Cookie storage adapter.
  • Implemented Memcache storage adapter. See Also: https://github.com/bungle/lua-resty-session/pull/14 Thanks @zandbelt
  • Implemented Redis storage adapter.
  • Implemented Shared Dictionary (shm) storage adapter.
  • Added architecture for Encoder and Decoder plugins.
  • Implemented Base 64 encoder / decoder.
  • Implemented Base 16 (hex) encoder / decoder.
  • Added architecture for Serializer plugins
  • Implemented JSON serializer.
  • Persistent cookies will now also contain Max-Age in addition to Expires.
  • Cookie domain attribute is not set anymore if not specified.
  • Added notes about using lua-resty-session with Lua code cache turned off. See also: https://github.com/bungle/lua-resty-session/issues/15 Thanks @BizShuk

[1.7] - 2015-08-03

Added

Fixed

[1.6] - 2015-05-05

Fixed

[1.5] - 2014-11-27

Fixed

Added

  • Added documentation about Nginx SSL/TLS configuration settings related to session lifetime and ssl session ids.

[1.4] - 2014-11-26

Fixed

Added

  • Added session.new function.
  • Added documentation about Nginx configuration used as defaults (not read on every request), and documented session.new.

Changed

  • session.start{ ... } (a call with config parameters) works now as expected.
  • session.start now returns additional extra boolean parameter that can be used to check if the session is s new session (false) or a previously started one (true).

[1.3] - 2014-11-14

Added

  • Added support for persistent sessions. See issue #2.
  • Added session.check.ssi, session.cookie.persistent and the related Nginx configuration variables.
  • Added Max-Age=0 to expiration code.

[1.2] - 2014-10-12

Fixed

  • Changed encode and decode functions to operate with correct number of arguments. See issue #1.

[1.1] - 2014-10-03

Security

  • There was a bug where additional user agent, scheme, and remote addr (disabled by default) was not checked.

Added

  • Added _VERSION field.

Changed

  • Simplied a code a lot (e.g. internal setcookie and getcookie functions are now cleaner). Removed a lot of unneccessary lines from session.start by adding configs directly to session prototype.

[1.0] - 2014-09-24

Added

  • LuaRocks Support via MoonRocks.