lucia-auth 0.3.0
#247
pilcrowonpaper
announced in
Announcements
`lucia-auth` 0.3.0
#247
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
This major version mostly cleans up the APIs. If you're using one of the integration packages, there's not much change security wise that you should be concerned about. Make sure to update integration packages and adapters to the latest version to use this version.
getSession()returns both active and idle sessionsgetSession()returns both active and idle sessions!MAJOR! Previously
getSession()only returned active sessions. The state can be checked viaSession.state.Remove
setSessionCookie()params from API methodsrenewSession(),validateSession(),validateSessionUser()no longer sets session cookie using the provided function parameterYou now have to check if the session was renewed via
isFreshpropertyUpdated
SessionSession.expires,Session.idlePeriodExpiresareDateobjectsstate,isFreshproperty toSessionAdded:
isFresh: istrueif the session was just created (including on renewed sessions)state:activeoridleClean up configs
Session.expirestoSession.activePeriodExpiresConfig.sessionTimeouttoConfig.sessionTimeout.activePeriod,Config.idlePeriodTimeouttoConfig.sessionTimeout.idlePeriodConfig.deleteCookieOptionConfig.sessionCookieOptiontoConfig.sessionCookieautoDatabaseCleanupconfigA new config is
autoDatabaseCleanup. When set to true (default), it will clean up the database on certain api calls. Specifically, it removes the target session from the database if its dead on:getSession()getSessionUser()validateSessionUser()validateSession()and deletes the target user's dead sessions from the database on:
updateUserProviderId()updateUserAttributes()createSession().Other
Cookie.optionstoCookie.attributesBeta Was this translation helpful? Give feedback.
All reactions