
cookie-session - npm Package Compare versions

Comparing version 2.0.0 to 2.1.0

13

HISTORY.md

@@ -0,1 +1,14 @@

2.1.0 / 2024-01-23
==================
* Fix loading sessions with special keys
* deps: cookies@0.9.1
- Add `partitioned` option for CHIPS support
- Add `priority` option for Priority cookie support
- Fix accidental cookie name/value truncation when given invalid chars
- Fix `maxAge` option to reject invalid values
- Remove quotes from returned quoted cookie value
- Use `req.socket` over deprecated `req.connection`
- pref: small lookup regexp optimization
2.0.0 / 2021-12-16
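
Review bot: typo in the last `cookies@0.9.1` sub-item: `pref: small lookup regexp optimization` should read `perf:`. The top-level entry "Fix loading sessions with special keys" also does not say which keys are meant; describing the behaviour (per the index.js change, keys already present on the session object are now skipped on load) would let users judge whether the upgrade affects their stored sessions.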

@@ -2,0 +15,0 @@ ==================

4

index.js

@@ -154,3 +154,5 @@ /*!

for (var key in obj) {
this[key] = obj[key]
if (!(key in this)) {
this[key] = obj[key]
}
}
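
Review bot: the new `if (!(key in this))` guard inside the `for (var key in obj)` loop drops keys silently and has no comment saying why. `in` also matches inherited properties, so any key in `obj` that collides with a property or method name reachable from the session object is skipped without a trace. If that is the intent, say so in a comment, and consider a `debug` line when a key is skipped so dropped data can be diagnosed. No regression test with a colliding key is visible in this diff; one would be worth adding.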

@@ -157,0 +159,0 @@ }

{
"name": "cookie-session",
"description": "cookie session middleware",
"version": "2.0.0",
"version": "2.1.0",
"contributors": [

@@ -18,3 +18,3 @@ "Douglas Christopher Wilson <doug@somethingdoug.com>",

"dependencies": {
"cookies": "0.8.0",
"cookies": "0.9.1",
"debug": "3.2.7",

@@ -26,12 +26,12 @@ "on-headers": "~1.0.2",

"connect": "3.7.0",
"eslint": "7.32.0",
"eslint": "8.56.0",
"eslint-config-standard": "14.1.1",
"eslint-plugin-import": "2.25.3",
"eslint-plugin-markdown": "2.2.1",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-markdown": "3.0.1",
"eslint-plugin-node": "11.1.0",
"eslint-plugin-promise": "5.2.0",
"eslint-plugin-promise": "6.1.1",
"eslint-plugin-standard": "4.1.0",
"mocha": "9.1.3",
"mocha": "10.2.0",
"nyc": "15.1.0",
"supertest": "6.1.6"
"supertest": "6.3.4"
},

@@ -38,0 +38,0 @@ "files": [

@@ -24,2 +24,12 @@ # cookie-session

**NOTE** This module does not encrypt the session contents in the cookie, only provides
signing to prevent tampering. The client will be able to read the session data by
examining the cookie's value. Secret data should not be set in `req.session` without
encrypting it, or use a server-side session instead.
**NOTE** This module does not prevent session replay, as the expiration set is that
of the cookie only; if that is a concern of your application, you can store an expiration
date in `req.session` object and validate it on the sever, and implement any other logic
to extend the session as your application needs.
## Install
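
Review bot: typo in the second added NOTE: "validate it on the sever" should be "server". The replay note would also be easier to act on with a short example of storing an expiration date in `req.session` and checking it on each request.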

@@ -97,2 +107,4 @@

- `domain`: a string indicating the domain of the cookie (no default).
- `partitioned`: a boolean indicating whether to partition the cookie in Chrome for the [CHIPS Update](https://developers.google.com/privacy-sandbox/3pcd/chips) (`false` by default). If this is true, Cookies from embedded sites will be partitioned and only readable from the same top level site from which it was created.
- `priority`: a string indicating the cookie priority. This can be set to `'low'`, `'medium'`, or `'high'`.
- `sameSite`: a boolean or string indicating whether the cookie is a "same site" cookie (`false` by default). This can be set to `'strict'`, `'lax'`, `'none'`, or `true` (which maps to `'strict'`).
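
Review bot: the new `priority` entry gives no default, while the neighbouring `partitioned` and `sameSite` entries do; state what happens when it is unset. In the `partitioned` entry, "Cookies" is capitalised mid-sentence and "from which it was created" should agree with the plural subject.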

@@ -130,3 +142,3 @@ - `secure`: a boolean indicating whether the cookie is only to be sent over HTTPS (`false` by default for HTTP, `true` by default for HTTPS). If this is set to `true` and Node.js is not directly over a TLS connection, be sure to read how to [setup Express behind proxies](https://expressjs.com/en/guide/behind-proxies.html) or the cookie may not ever set correctly.

```
```js
req.session = null

@@ -257,3 +269,3 @@ ```

In practice this limit differs slightly across browsers. See a list of
[browser limits here](http://browsercookielimits.squawky.net/). As a rule
[browser limits here](http://browsercookielimits.iain.guru). As a rule
of thumb **don't exceed 4093 bytes per domain**.
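
Review bot: the replacement link `http://browsercookielimits.iain.guru` is still plain `http://`; switch it to `https://` if the host serves it, so readers following the README are not sent over an unauthenticated connection.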

@@ -260,0 +272,0 @@
