v0.9.1

@testinfected testinfected released this 29 Jun 01:38
· 262 commits to master since this release

Added

  • It is now possible to replace the session bound to the request with a fresh session to avoid session fixation attacks. (#43)
  • Session pool now sweeps sessions that have exceeded the maximum lifetime. The maximum lifetime is configurable. (#42)
    This helps prevent sessions from being kept alive forever.
  • Session pool can now renew a session id whenever the session changes. This helps prevent session fixation attacks. (#41)
  • Session pool now sweeps stale sessions.
    Sessions are considered stale when they have been inactive for longer than the configurable idle timeout. (#40)
  • It is now possible to boot the application with a warm-up sequence
  • Add a URLMap middleware for dispatching requests to different apps based on the request URI. (#38)
  • Add support for logging in Apache Combined Log Format to logger middleware (@ensonik in #37)

Changed

  • Write multiple cookie values as distinct Set-Cookie headers instead of a single one, as per the RFC 6265 recommendation. (@gbranchaudrubenovitch in #46)
  • Session keys are automatically converted to their string representations
  • Default session cookie name is now molecule.session

Removed

  • PlainErrorReporter is no longer provided - you have to write your own reporters

Fixed

  • MiddlewareStack no longer mixes up middlewares and mount points when several mount points are defined
  • ApacheLoggers will now correctly log request parameters as they were received, in case they are modified down the middleware chain