express-session - npm Package Compare versions

Comparing version 1.10.3 to 1.10.4

HISTORY.md

@@ -0,1 +1,8 @@
+1.10.4 / 2015-03-15
+===================
+
+  * deps: debug@~2.1.3
+    - Fix high intensity foreground color for bold
+    - deps: ms@0.7.0
+
 1.10.3 / 2015-02-16
@@ -2,0 +9,0 @@ ===================

package.json

 {
   "name": "express-session",
-  "version": "1.10.3",
+  "version": "1.10.4",
   "description": "Simple session middleware for Express",
@@ -16,3 +16,3 @@ "author": "TJ Holowaychuk <tj@vision-media.ca> (http://tjholowaychuk.com)",
     "crc": "3.2.1",
-    "debug": "~2.1.1",
+    "debug": "~2.1.3",
     "depd": "~1.0.0",
@@ -27,5 +27,5 @@ "on-headers": "~1.0.0",
     "cookie-parser": "~1.3.4",
-    "express": "~4.10.8",
-    "istanbul": "0.3.5",
-    "mocha": "~2.1.0",
+    "express": "~4.11.2",
+    "istanbul": "0.3.7",
+    "mocha": "~2.2.1",
     "supertest": "~0.15.0"
@@ -32,0 +32,0 @@ },

README.md

@@ -25,5 +25,12 @@ # express-session
 
-**Note** session data is _not_ saved in the cookie itself, just the session ID.
-Session data is stored server-side.
+**Note** Session data is _not_ saved in the cookie itself, just the session ID.
+Session hdata is stored server-side.
 
+**Warning** The default server-side session storage, `MemoryStore`, is _purposely_
+not designed for a production environment. It will leak memory under most
+conditions, does not scale past a single process, and it meant for debugging and
+developing.
+
+For a list of stores, see [compatible session stores](#compatible-session-stores).
+
 #### Options
@@ -67,2 +74,6 @@
 
+**Note** if you have multiple apps running on the same host (hostname + port),
+then you need to separate the session cookies from each other. The simplest
+method is to simply set different `name`s per app.
+
 ##### proxy
@@ -94,2 +105,8 @@
 
+How do I know if this is necessary for my store? The best way to know is to
+check with your store if it implements the `touch` method. If it does, then
+you can safely set `resave: false`. If it does not implement the `touch`
+method and your store sets an expiration date on stored sessions, then you
+likely need `resave: true`.h
+
 ##### rolling
@@ -142,2 +159,7 @@
 
+**Note** Since version 1.5.0, the [`cookie-parser` middleware](https://www.npmjs.com/package/cookie-parser)
+no longer needs to be used for this module to work. This module now directly reads
+and writes cookies on `req`/`res`. Using `cookie-parser` may result in issues
+if the `secret` is not the same between this module and `cookie-parser`.
+
 Please note that `secure: true` is a **recommended** option. However, it requires an https-enabled website, i.e., HTTPS is necessary for secure cookies.
@@ -292,2 +314,10 @@ If `secure` is set, and you access your site over HTTP, the cookie will not be set. If you have your node.js behind a proxy and are using `secure: true`, you need to set "trust proxy" in express:
 
+## Compatible Session Stores
+
+The following modules implement a session store that is compatible with this
+module. Please make a PR to add additional modules :)
+
+  * [connect-redis](https://www.npmjs.com/package/connect-redis) A Redis-based
+    session store.
+
 ## Example
@@ -294,0 +324,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

42866

increased by3.91%

Number of lines in readme file

374

increased by8.72%

Dependency changes

• Updateddebug@~2.1.3