All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
0.6.0 - 2022-05-20
- authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.
- req#login() and req#logout() regenerate the session and clear session information by default.
- req#logout() is now an asynchronous function and requires a callback function as the last argument.
- Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).
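The 0.6.0 behaviour described above, modelled as an added example that is not Passport's own code: SessionStore, login(), logout() and fixationCheck() are hypothetical stand-ins, and the session data is constructed. It shows why regenerating on login invalidates a session identifier that was known before authentication, and what keepSessionInfo: true carries over.

```javascript
const { randomBytes } = require('node:crypto');

// Constructed in-memory store standing in for a real session middleware.
class SessionStore {
  constructor() { this.sessions = new Map(); }
  create(data = {}) {
    const id = randomBytes(16).toString('hex');
    this.sessions.set(id, { ...data });
    return id;
  }
  get(id) { return this.sessions.get(id); }
  // Invalidate the old identifier and issue a fresh one.
  regenerate(oldId, carryOver = {}) {
    this.sessions.delete(oldId);
    return this.create(carryOver);
  }
}

// Hypothetical login(): regenerates the session and, by default, drops
// everything stored before authentication (the 0.6.0 default described above).
function login(store, sessionId, user, options = {}) {
  const previous = store.get(sessionId) || {};
  const newId = store.regenerate(sessionId, options.keepSessionInfo ? previous : {});
  store.get(newId).user = user;
  return newId;
}

// Hypothetical logout(): asynchronous, callback required as the last argument.
function logout(store, sessionId, options, done) {
  if (typeof options === 'function') { done = options; options = {}; }
  if (typeof done !== 'function') throw new Error('logout requires a callback function');
  const { user, ...rest } = store.get(sessionId) || {};
  const newId = store.regenerate(sessionId, options.keepSessionInfo ? rest : {});
  setImmediate(() => done(null, newId));
}

// Fixation scenario: an identifier known before login must be dead after it.
function fixationCheck(options) {
  const store = new SessionStore();
  const preLoginId = store.create({ returnTo: '/reports' });
  const postLoginId = login(store, preLoginId, 'alice', options);
  return {
    idChanged: postLoginId !== preLoginId,
    oldIdValid: store.get(preLoginId) !== undefined,
    user: store.get(postLoginId).user,
    returnTo: store.get(postLoginId).returnTo,
  };
}
```

With keepSessionInfo: true the pre-login data survives but the identifier still changes, so anything an application stores in the session before authentication should be treated as untrusted when that option is used.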
0.5.3 - 2022-05-16
- initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions again, reverting change from 0.5.1.
0.5.2 - 2021-12-16
- Introduced a compatibility layer for strategies that depend directly on passport@0.4.x or earlier (such as passport-azure-ad), which were broken by the removal of private variables in passport@0.5.1.
0.5.1 - 2021-12-15
- Informative error message in session strategy if session support is not available.
- authenticate() middleware, rather than initialize() middleware, extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.
- initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions.
- login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions no longer added to http.IncomingMessage.prototype.
- userProperty option to initialize() middleware only affects the current request, rather than all requests processed via singleton Passport instance, eliminating a race condition in situations where initialize() middleware is used multiple times in an application with userProperty set to different values.