express-session: Set a finite cookie lifetime

Richard Hansen 2021-12-22 23:42:19 -05:00
parent ec10700dff
commit 023e58cfe6
4 changed files with 27 additions and 1 deletions

@ -6,6 +6,7 @@
* `express_sid` cookies and `sessionstorage:*` database records are no longer
created unless `requireAuthentication` is `true` (or a plugin causes them to
be created).
* Login sessions now have a finite lifetime by default (10 days).
* `sessionstorage:*` database records are automatically deleted when the login
session expires (with some exceptions that will be fixed in the future).
* Requests for static content (e.g., `/robots.txt`) and special pages (e.g.,
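Review bot: The entry "Login sessions now have a finite lifetime by default (10 days)" states the default but not which setting an operator changes to adjust it, and it does not say whether the 10 days run from login or from last activity. Please name the setting and state which it is, since that determines how long an `express_sid` cookie stays valid. The entry also omits the `requireAuthentication` qualifier that the compatibility note for the same change carries, so the two should be worded consistently.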
@ -45,6 +46,9 @@
### Compatibility changes
* The default login session expiration (applicable if `requireAuthentication` is
`true`) changed from never to 10 days.
#### For plugin authors
* The `client` context property for the `handleMessageSecurity` and
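Review bot: The compatibility entry "changed from never to 10 days" does not say what happens to login sessions created before the upgrade. Please state whether existing `express_sid` cookies and their `sessionstorage:*` records pick up the new expiration or continue to live indefinitely until the user logs in again, because operators who rely on this change to bound session lifetime need to know if old sessions have to be purged manually.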