CHANGES.rst

0.8.0 - 2024-03-26

Added

• Add DynamoDB session interface (#214).
• Add ability to install client libraries for backends using optional dependencies (extras) (#228).

Fixed

• Include prematurely removed cachelib dependency. Will be removed in 1.0.0 to be an optional dependency (#223).

0.7.0 - 2024-03-18

Changed

• Access session interfaces via subfolder, for example flask_session.redis.RedisSessionInterface (2bc7df).
• Deprecate pickle in favor of msgspec, which is configured with SESSION_SERIALIZATION_FORMAT to choose between 'json' and 'msgpack'. All sessions will convert to msgspec upon first interaction with 0.7.0. Pickle is still available to read existing sessions, but will be removed in 1.0.0. (c7f8ce, c7f8ce)
• Deprecate SESSION_USE_SIGNER (a5dba7).
• Deprecate :class:`flask_session.filesystem.FileSystemSessionInterface` in favor of the broader :class:`flask_session.cachelib.CacheLibSessionInterface` (2bc7df).

Added

• Add time-to-live expiration for MongoDB (9acee3).
• Add retry for SQL based storage (#211).
• Add flask session_cleanup command and alternatively, SESSION_CLEANUP_N_REQUESTS for SQLAlchemy or future non-TTL backends (#211).
• Add type hints (7d7d58).
• Add logo and additional documentation.
• Add vary cookie header when session modified or accessed as per flask's built-in session (7ab698).
• Add regenerate method to session interface to mitigate fixation (#27, #39)(80df63).

Removed

• Remove null session in favour of relevant exception messages (#107, #182)(d7ed1c).
• Drop support for Python 3.7 which is end-of-life and precludes use of msgspec (bd7e5b).

Fixed

• Prevent session identifier reuse on storage miss (#76).
• Abstraction to improve consistency between backends.
• Enforce PERMANENT_SESSION_LIFETIME as expiration consistently for all backends (#81)(86895b).
• Specifically include backend session interfaces in public API and document usage (#210).
• Fix non-permanent sessions not updating expiry (#221).

0.6.0 - 2024-01-16

Changed

• Use :meth:`~ServerSideSession.should_set_cookie` for preventing each request from saving the session again.
• Do not store a permanent session that is otherwise empty.
• Use secrets module to generate session identifiers, with 256 bits of entropy (was previously 122).
• Explicitly name support for python-memcached, pylibmc and pymemcache for cachelib backend.

Added

• Introduce SESSION_KEY_LENGTH to control the length of the session key in bytes, default is 32.
• Support SQLAlchemy SESSION_SQLALCHEMY_SEQUENCE, SESSION_SQLALCHEMY_SCHEMA and SESSION_SQLALCHEMY_BINDKEY

Removed

• Drop support for Redis < 2.6.12.

Fixed

• Fix pymongo 4.0 compatibility.
• Fix expiry is None bug in SQLAlchemy.
• Fix bug when existing SQLAlchemy db instance.
• Fix empty sessions being saved.
• Support Flask 3.0 and Werkzeug 3.0

0.5.0 - 2023-05-11

• Drop support for Python < 3.7.
• Switch to pyproject.toml and Flit for packaging.
• Move to Pallets Community Ecosystem for community-driven maintenance.
• Replace use of session_cookie_name for Flask 2.3 compatibility.

0.4.1

• Temporarily pin Flask < 2.3.

0.4.0

• Added support for SESSION_COOKIE_SAMESITE.

0.3.2

• Changed werkzeug.contrib.cache to cachelib.

0.3.1

• SqlAlchemySessionInterface is using VARCHAR(255) to store session id now.
• SqlAlchemySessionInterface won't run db.create_all anymore.

0.3

• SqlAlchemySessionInterface is using LargeBinary type to store data now.
• Fixed MongoDBSessionInterface delete method not found.
• Fixed TypeError when getting store_id using a signer.

0.2.3

• Fixed signing failure in Python 3.
• Fixed MongoDBSessionInterface failure in Python 3.
• Fixed SqlAlchemySessionInterface failure in Python 3.
• Fixed StrictRedis support.

0.2.2

• Added support for non-permanent session.

0.2.1

• Fixed signing failure.

0.2

• Added SqlAlchemySessionInterface.
• Added support for cookie session id signing.
• Various bugfixes.

0.1.1

• Fixed MongoDB backend InvalidDocument error.

0.1

• First public preview release.