- Set secure attribute when adding a session removal cookie. #300
- Set SameSite attribute when adding a session removal cookie. #284
- Minimum supported Rust version (MSRV) is now 1.59 due to transitive
time
dependency.
- Fix interaction between session state changes and renewal. #265
- Added
TtlExtensionPolicy
enum to support different strategies for extending the TTL attached to the session state.TtlExtensionPolicy::OnEveryRequest
now allows for long-lived sessions that do not expire if the user remains active. #233 SessionLength
is now calledSessionLifecycle
. #233SessionLength::Predetermined
is now calledSessionLifecycle::PersistentSession
. #233- The fields for Both
SessionLength
variants have been extracted into separate types (PersistentSession
andBrowserSession
). All fields are now private, manipulated via methods, to allow adding more configuration parameters in the future in a non-breaking fashion. #233 SessionLength::Predetermined::max_session_length
is now calledPersistentSession::session_ttl
. #233SessionLength::BrowserSession::state_ttl
is now calledBrowserSession::session_state_ttl
. #233SessionMiddlewareBuilder::max_session_length
is now calledSessionMiddlewareBuilder::session_lifecycle
. #233- The
SessionStore
trait requires the implementation of a new method,SessionStore::update_ttl
. #233 - All types used to configure
SessionMiddleware
have been moved to theconfig
sub-module. #233 - Update
actix
dependency to0.13
. - Update
actix-redis
dependency to0.12
. - Minimum supported Rust version (MSRV) is now 1.57 due to transitive
time
dependency.
- Implement
SessionExt
forGuardContext
. #234 RedisSessionStore
will prevent connection timeouts from causing user-visible errors. #235- Do not leak internal implementation details to callers when errors occur. #236
- No significant changes since
0.6.0
.
SessionMiddleware
, a middleware to provide support for saving/updating/deleting session state against a pluggable storage backend (seeSessionStore
trait). #212CookieSessionStore
, a cookie-based backend to store session state. #212RedisActorSessionStore
, a Redis-based backend to store session state powered byactix-redis
. #212RedisSessionStore
, a Redis-based backend to store session state powered byredis-rs
. #212- Add TLS support for Redis via
RedisSessionStore
. #212 - Implement
SessionExt
forServiceResponse
. #212
- Rename
UserSession
toSessionExt
. #212
CookieSession
; replaced withCookieSessionStore
, a storage backend forSessionMiddleware
. #212Session::set_session
; useSession::insert
to modify the session state. #212
- Update
actix-web
dependency to4
.
- Update
actix-web
dependency to4.0.0-rc.1
.
- Update
actix-web
dependency to4.0.0.beta-18
. #218 - Minimum supported Rust version (MSRV) is now 1.54.
- Update
actix-web
dependency to4.0.0.beta-15
. #216
- Update
actix-web
dependency to4.0.0.beta-14
. #209 - Remove
UserSession
implementation forRequestHead
. #209 - A session will be created in the storage backend if and only if there is some data inside the session state. This reduces the performance impact of
SessionMiddleware
on routes that do not leverage sessions. #207
- No significant changes since
0.5.0-beta.3
.
- Impl
Clone
forCookieSession
. #201 - Update
actix-web
dependency to v4.0.0-beta.10. #203 - Minimum supported Rust version (MSRV) is now 1.52.
- No notable changes.
- Add
Session::entries
. #170 - Rename
Session::{set => insert}
to match standard hash map naming. #170 - Return values from
Session::remove
. #170 - Add
Session::remove_as
deserializing variation. #170 - Simplify
Session::get_changes
now always returning iterator even when empty. #170 - Swap order of arguments on
Session::set_session
. #170 - Update
actix-web
dependency to 4.0.0 beta. - Minimum supported Rust version (MSRV) is now 1.46.0.
Session::set_session
takes aIntoIterator
instead ofIterator
. #105- Fix calls to
session.purge()
from paths other than the one specified in the cookie. #129
- Update
actix-web
dependency to 3.0.0. - Minimum supported Rust version (MSRV) is now 1.42.0.
- Update the
time
dependency to 0.2.7 - Update the
actix-web
dependency to 3.0.0-alpha.1 - Long lasting auto-prolonged session #1292
- Minimize
futures
dependency
- Release
- Allow access to sessions also from not mutable references to the request
- Add access to the session from RequestHead for use of session from guard methods
- Migrate to
std::future
- Migrate to
actix-web
2.0
- Enhanced
actix-session
to facilitate state changes. UseSession.renew()
at successful login to cycle a session (new key/cookie but keeps state). UseSession.purge()
at logout to invalid a session cookie (and remove from redis cache, if applicable).
- Fix optional cookie session support
- Use actix-web 1.0.0-rc
- Use actix-web 1.0.0-beta.4
- Add helper trait
UserSession
which allows to get session for ServiceRequest and HttpRequest
- Update actix-web to beta.1
CookieSession::max_age()
accepts value in seconds
- Update actix-web alpha.6
- Update actix-web
- Update actix-web
- Update actix-web
- Use new feature name for secure cookies
- Initial impl