13 * deps: uid-safe@~2.0.0
18 * Fix mutating `options.secret` value
23 * Support an array in `secret` option for key rotation
30 - Fix high intensity foreground color for bold
36 * deps: cookie-signature@1.0.6
37 * deps: uid-safe@1.1.0
38 - Use `crypto.randomBytes`, if available
39 - deps: base64-url@1.2.1
44 * deps: uid-safe@1.0.3
45 - Fix error branch that would throw
46 - deps: base64-url@1.2.0
51 * deps: uid-safe@1.0.2
52 - Remove dependency on `mz`
57 * Add `store.touch` interface for session stores
58 * Fix `MemoryStore` expiration with `resave: false`
64 * Fix error when `req.sessionID` contains a non-string value
75 * Remove unnecessary empty write call
76 - Fixes Node.js 0.11.14 behavior change
77 - Helps work-around Node.js 0.10.1 zlib bug
83 - Implement `DEBUG_FD` env variable support
89 * Use `crc` instead of `buffer-crc32` for speed
95 * Keep `req.session.save` non-enumerable
96 * Prevent session prototype methods from being overwritten
101 * Do not resave already-saved session at end of request
102 * deps: cookie-signature@1.0.5
108 * Fix exception on `res.end(null)` calls
113 * Fix parsing original URL
114 * deps: on-headers@~1.0.0
115 * deps: parseurl@~1.3.0
120 * Fix response end delay for non-chunked responses
125 * Fix `res.end` patch to call correct upstream `res.write`
131 - Work-around v8 generating empty stack traces
137 - Fix exception when global `Error.stackTraceLimit` is too low
142 * Improve session-ending error handling
143 - Errors are passed to `next(err)` instead of `console.error`
146 - Add `TRACE_DEPRECATION` environment variable
147 - Remove non-standard grey color from color output
148 - Support `--no-deprecation` argument
149 - Support `--trace-deprecation` argument
154 * Do not require `req.originalUrl`
156 - Add support for multiple wildcards in namespaces
161 * Fix blank responses for stores with synchronous operations
166 * Fix resave deprecation message
171 * Fix confusing option deprecation messages
176 * Fix saveUninitialized deprecation message
181 * Add deprecation message to undefined `resave` option
182 * Add deprecation message to undefined `saveUninitialized` option
183 * Fix `res.end` patch to return correct value
184 * Fix `res.end` patch to handle multiple `res.end` calls
185 * Reject cookies with missing signatures
190 * deps: cookie-signature@1.0.4
191 - fix for timing attacks
196 * Move hard-to-track-down `req.secret` deprecation message
201 * Debug name is now "express-session"
202 * Deprecate integration with `cookie-parser` middleware
203 * Deprecate looking for secret in `req.secret`
204 * Directly read cookies; `cookie-parser` no longer required
205 * Directly set cookies; `res.cookie` no longer required
206 * Generate session IDs with `uid-safe`, faster and even less collisions
211 * Add `genid` option to generate custom session IDs
212 * Add `saveUninitialized` option to control saving uninitialized sessions
213 * Add `unset` option to control unsetting `req.session`
214 * Generate session IDs with `rand-token` by default; reduce collisions
215 * deps: buffer-crc32@0.2.3
220 * Add description in package for npmjs.org listing
225 * Integrate with express "trust proxy" by default
231 * Fix `resave` such that `resave: true` works
236 * Add `resave` option to control saving unmodified sessions
241 * Add `name` option; replacement for `key` option
242 * Use `setImmediate` in MemoryStore for node.js >= 0.10
252 * Use `res.cookie()` instead of `res.setHeader()`
258 * Add missing dependency to `package.json`
263 * Add missing dependencies to `package.json`
268 * Genesis from `connect`