Changes#
0.8.0 - 2024-03-26#
Added#
Fixed#
Include prematurely removed
cachelib
dependency. Will be removed in 1.0.0 to be an optional dependency (#223).
0.7.0 - 2024-03-18#
Changed#
Access session interfaces via subfolder, for example
flask_session.redis.RedisSessionInterface
(2bc7df).Deprecate
pickle
in favor ofmsgspec
, which is configured withSESSION_SERIALIZATION_FORMAT
to choose between'json'
and'msgpack'
. All sessions will convert to msgspec upon first interaction with 0.7.0. Pickle is still available to read existing sessions, but will be removed in 1.0.0. (c7f8ce, c7f8ce)Deprecate
SESSION_USE_SIGNER
(a5dba7).Deprecate
flask_session.filesystem.FileSystemSessionInterface
in favor of the broaderflask_session.cachelib.CacheLibSessionInterface
(2bc7df).
Added#
Add time-to-live expiration for MongoDB (9acee3).
Add retry for SQL based storage (#211).
Add
flask session_cleanup
command and alternatively,SESSION_CLEANUP_N_REQUESTS
for SQLAlchemy or future non-TTL backends (#211).Add type hints (7d7d58).
Add logo and additional documentation.
Add vary cookie header when session modified or accessed as per flask’s built-in session (7ab698).
Add regenerate method to session interface to mitigate fixation (#27, #39)(80df63).
Removed#
Fixed#
Prevent session identifier reuse on storage miss (#76).
Abstraction to improve consistency between backends.
Enforce
PERMANENT_SESSION_LIFETIME
as expiration consistently for all backends (#81)(86895b).Specifically include backend session interfaces in public API and document usage (#210).
Fix non-permanent sessions not updating expiry (#221).
0.6.0 - 2024-01-16#
Changed#
Use
should_set_cookie()
for preventing each request from saving the session again.Do not store a permanent session that is otherwise empty.
Use secrets module to generate session identifiers, with 256 bits of entropy (was previously 122).
Explicitly name support for
python-memcached
,pylibmc
andpymemcache
forcachelib
backend.
Added#
Introduce
SESSION_KEY_LENGTH
to control the length of the session key in bytes, default is 32.Support SQLAlchemy
SESSION_SQLALCHEMY_SEQUENCE
,SESSION_SQLALCHEMY_SCHEMA
andSESSION_SQLALCHEMY_BINDKEY
Removed#
Drop support for Redis < 2.6.12.
Fixed#
Fix pymongo 4.0 compatibility.
Fix expiry is None bug in SQLAlchemy.
Fix bug when existing SQLAlchemy db instance.
Fix empty sessions being saved.
Support Flask 3.0 and Werkzeug 3.0
0.5.0 - 2023-05-11#
Drop support for Python < 3.7.
Switch to
pyproject.toml
and Flit for packaging.Move to Pallets Community Ecosystem for community-driven maintenance.
Replace use of
session_cookie_name
for Flask 2.3 compatibility.
0.4.1#
Temporarily pin Flask < 2.3.
0.4.0#
Added support for
SESSION_COOKIE_SAMESITE
.
0.3.2#
Changed
werkzeug.contrib.cache
tocachelib
.
0.3.1#
SqlAlchemySessionInterface
is usingVARCHAR(255)
to store session id now.SqlAlchemySessionInterface
won’t run db.create_all anymore.
0.3#
SqlAlchemySessionInterface
is usingLargeBinary
type to store data now.Fixed
MongoDBSessionInterface
delete
method not found.Fixed
TypeError
when gettingstore_id
using a signer.
0.2.3#
Fixed signing failure in Python 3.
Fixed
MongoDBSessionInterface
failure in Python 3.Fixed
SqlAlchemySessionInterface
failure in Python 3.Fixed
StrictRedis
support.
0.2.2#
Added support for non-permanent session.
0.2.1#
Fixed signing failure.
0.2#
Added
SqlAlchemySessionInterface
.Added support for cookie session id signing.
Various bugfixes.
0.1.1#
Fixed MongoDB backend
InvalidDocument
error.
0.1#
First public preview release.