[2.2.2] - 2020-07-30

Fixed

• Fixes #2 - Prevents duplicate Access-Control-Allow-Credentials header value

[2.2.1] - 2020-07-14

Fixed

• Fixed typo in exported typescript type

[2.2.0] - 2020-06-29

Addition

• Support for API key
• Compatibility with CDI 2.1

[2.1.0] - 2020-06-18

Changes

• config changes and code refactor

[12.0.2] - 2022-09-22

Bug fix:

• Properly rethrowing generic errors in email verification endpoints.

[12.0.1] - 2022-09-22

Changed

• Email verification endpoints will now clear the session if called by a deleted/unknown user

[2.0.0] - 2020-05-04

Added

• Middleware for verification, refreshing and error handling
• revokeMultipleSessions function
• updateJWTPayload function

Changes

• Code refactor

Breaking changes

• Changed revokeSessionUsingSessionHandle => revokeSession

[11.0.1] - 2022-07-18

Fixes

• Fixed fastify issue where same cookie was getting set multiple times on the response object

Adds:

• Improved type definitions for SessionWrapper.getSession.

[11.0.0] - 2022-07-05

Breaking change:

• Changes session function recipe interfaces to not throw an UNAUTHORISED error when the input is a sessionHandle: https://github.com/supertokens/backend/issues/83
  • getSessionInformation now returns undefined is the session does not exist
  • updateSessionData now returns false if the input sessionHandle does not exist.
  • updateAccessTokenPayload now returns false if the input sessionHandle does not exist.
  • regenerateAccessToken now returns undefined if the input access token's sessionHandle does not exist.
  • The sessionClass functions have not changed in behaviour and still throw UNAUTHORISED. This works cause the sessionClass works on the current session and not some other session.

Bug fix:

• Clears cookies when revokeSession is called using the session container, even if the session did not exist from before: https://github.com/supertokens/supertokens-node/issues/343