9.0.1 (2023-11-01)
- 18: Move @types/pg to dev dependencies (ea4a9c1)
- Breaking change: Require Node version
>=16.0.0 - Notable: Start automatic pruning lazily. Wait for first use of the session manager before scheduling the pruning. #285
- Change: Log whole error object instead of only message. Thanks @safareli! #225
- ...and internal updates to dev dependencies etc
- Breaking change: Require Node version
^14.18.0 || >=16.0.0 - Notable: Mark most private methods and properties as actually private using the Private class feature (having the name begin with a
#) This can be breaking if you relied on those properties or methods - Internal: Update included version of
pg - Internal: Use
node:to import built in modules - ...and a lot of updates to dev dependencies, GitHub Action workflows etc
- Breaking change: Now requires at least Node.js 12.x
- Internal: Updated some developer dependencies and test targets
- As well as all changes in
7.0.0-0
- Possibly breaking change: Align session expiration logic with connect-redis which in turned aligned with connect-mongo. Fixes #54.
- Minor breaking change: The
.close()method is now async and returns aPromisethat will be resolved when this session store is fully shut down. Fixes #183. - Minor breaking change: Now requires Node version
^10.17.0 || >=11.14.0 - Feature: New option:
disableTouch. Disables updating of TTL in database on touch. Fixes #55. - Feature: New option:
createTableIfMissing. When set, the session table will be automatically created if missing. Fixes #158 and #173. Thanks @aadeshmisra! - Tweak: Slightly tweaked the pg-promise integration. Fixes #153.
- Tweak: Introduced a new internal
_asyncQuery()function in a move to modernize internal code on top of Promise / async / await.
- Fix: Regression, query errors wasn't properly forwarded. Fixes #180 and #179. Thanks @alxndrsn! (5c324ac)
- Test: Added test for above regression (fd36978)
- Change: Improved types + error return values (f73ea0d 68a2242)
- Change: Updated SECURITY.md to delegate security reports to Tidelift, and thus ensure quicker responses (7683d40 59c7fbc)
- Important fix: Bump pg to 8.2.1 to support node 14+
- Change: Change default prine interval to 15 mins
- Test: Add Node 14 to GitHub CI
- Test: Added more types and type linting
- Feature: Prune intervals are now by default randomized between 50% and 150% of the set prune value, making the average prune interval be the same as before, but makes database load more even by making it unlikely for eg. many instances to all prune at once.
- Feature: New option
pruneSessionRandomizedIntervalenables deactivation + customization of the new random prune interval feature. - Change: Default prune interval is now
5minutes, rather than1minute. No need to clean extremely often. Will probably make even longer eventually, but a more drastic change could be kind of a breaking change. Please comment in #162 with feedback on future default. - Performance: The database schema definition now specifies an index on the
expirecolumn. You have to add this yourself if you have already set up this module. The change is purely for enhancing performance and can be skipped if no performance issues have been experiences. It is recommended to apply it though.
- Very minor security fix:
schemaNameandtableNamewasn't escaped. If any of the two contained a string with a double quote in it, then that would enable an SQL injection. This was previously a feature oftableName, before the introduction of a separateschemaName, as that allowed a schema to be defined as part oftableName. Defining schema name throughtableNameis still supported after this fix, but is now deprecated. - Fix: Errors wasn't propagated properly. Fixed in #150. Thanks @bobnil!
- Breaking change: Now requires at least Node.js 10.x, this as Node.js 8.x only have a short time left in its LTS
- Breaking change: This project now uses
INSERT ... ON CONFLICT, more popularly known asUPSERT. This is only supported on PostgreSQL version 9.5 and above. - Listen on pool errors. Fixes #29
- Breaking change: Now requires at least Node.js 8.x (this as Node.js 6.x only have a short time left in its LTS and I rather don't bump the major version more often than I have to)
- Breaking change: Now expects pg 7.x to be used
- Fix: Connection string is now handled by pg instead of by this module. Should improve support for things like ssl.
- Fix: The pruning timer will no longer keep Node alive, it's been given the
unref()treatment
- Feature: New option
pgPromiseenables the library to re-use an existing connection from pg-promise. This is a mutually-exclusive alternative to specifyingpool,conObject, orconString(only one of these can be provided).
- Feature: New option
conObjectenables connection details to be set through an object - Improvement: Hardening of
conStringparsing + some added tests of it
- Breaking change + improved support: When the pg module is provided to this module, then a pool from the new
6.xversion of that module is now required rather than providing the module itself
- Bug fix: Previous timestamp fix failed critically, fixing it again. Thanks @G3z and @eemeli
- Bug fix: The internal query helper was treating params() wrong when called with two argument. Thanks for reporting @colideum!
- Bug fix: If the database and the node instances had different clocks, then things wouldn't work that well due to mixed timestamp sources. Now node handles all timestamps. Thanks for reporting @sverkoye!
- Feature: Support the
store.touch()method to allow for extending the life time of a session without changing the data of it. This enables setting theresaveoption tofalse, which is recommended to avoid a session extender save overwriting another save that adds new data to the session. More info in the express-session readme. - Fix: Relax the engine requirements – accept newer versions of Node.js/iojs as well
- Fix: Added support for sails by supporting sending the full Express 3 object into the plugin
- Fix: If the
pginstance used is created by this module, then this module should also close it onclose()
- Improvement: Rather than randomly cleaning up expired sessions that will now happen at the
options.pruneSessionIntervaldefined interval. - Breaking change: Clients now need to close the session store to gracefully shut down their app as the pruning of sessions can't know when the rest of the app has stopped running and thus can't know when to stop pruning sessions if it itsn't told so explicitly through thew new
close()method – or by deactivating the automatic pruning by settingingoptions.pruneSessionIntervaltofalse. If automatic pruning is disabled the client needs to callpruneSessions()manually or otherwise ensure that old sessions are pruned.
- Fix regression: No longer default to
publicschema, as added in2.2.0, but rather default to the pre-2.2.0behavior of no defined schema. This to ensure backwards compatibility with the2.xbranch, per semantic versioning best practise.
- Hotfix: Update
require('pg')to match package.json, thanks for reporting @dmitriiabramov
- New: Now possibly to set another schema than the default
- Change: Now using the
pgdependency again rather thanpg.jsas the latter will be discontinued aspgnow fills its role
- Fix bug with creating new sessions that was caused by 2.1.0
- Enable the table name to be configured through new
tableNameoption
- Backwards incompatible change: Support for Express 4 means that Express 3 apps (and similar for Connect apps) should send
express.sessionto the module rather than justexpress. - Dependency change: The database module is now pg.js rather than pg – same library, but without compilation of any native bindings and thus less delay when eg. installing the application from scratch.
- Support for PostgreSQL versions older than 9.2
- Fix for sometimes not expiring sessions correctly
- First NPM-version of the script originally published as a Gist here: https://gist.github.com/voxpelli/6447728