Passport v0.6.0 Release Notes
Release Date: 2022-05-20 // about 1 year ago-
โ Added
authenticate()
,req#login
, andreq#logout
accept akeepSessionInfo: true
option to keep session information after regenerating the session.
๐ Changed
req#login()
andreq#logout()
regenerate the the session and clear session 0๏ธโฃ information by default.req#logout()
is now an asynchronous function and requires a callback function as the last argument.
๐ Security
- ๐ Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).
Previous changes from v0.5.3
-
๐ Fixed
initialize()
middleware extends request withlogin()
,logIn()
,logout()
,logOut()
,isAuthenticated()
, andisUnauthenticated()
functions โช again, reverting change from 0.5.1.