Passport v0.6.0 Release Notes

Release Date: 2022-05-20 // about 1 year ago
  • โž• Added

    • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

    ๐Ÿ”„ Changed

    • req#login() and req#logout() regenerate the the session and clear session 0๏ธโƒฃ information by default.
    • req#logout() is now an asynchronous function and requires a callback function as the last argument.

    ๐Ÿ”’ Security

    • ๐Ÿ‘Œ Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

Previous changes from v0.5.3

  • ๐Ÿ›  Fixed

    • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions โช again, reverting change from 0.5.1.