Passport v0.6.0 Release Notes

Release Date: 2022-05-20 // almost 2 years ago
  • ➕ Added

    • authenticate(), req#login, and req#logout accept a keepSessionInfo: true option to keep session information after regenerating the session.

    🔄 Changed

    • req#login() and req#logout() regenerate the the session and clear session 0️⃣ information by default.
    • req#logout() is now an asynchronous function and requires a callback function as the last argument.

    🔒 Security

    • 👌 Improved robustness against session fixation attacks in cases where there is physical access to the same system or the application is susceptible to cross-site scripting (XSS).

Previous changes from v0.5.3

  • 🛠 Fixed

    • initialize() middleware extends request with login(), logIn(), logout(), logOut(), isAuthenticated(), and isUnauthenticated() functions ⏪ again, reverting change from 0.5.1.