Skip to content

Releases: gorilla/sessions

v1.4.0

20 Aug 14:12
@jaitaiwan jaitaiwan
v1.4.0
bb4cd60
Compare
Choose a tag to compare
v1.4.0 Latest
Latest

Summary

There were new features important for compatibility with some of the upcoming cookie security changes with google that required a new Partitioned attribute be added to the cookies, this attribute was only available in go 1.23, which has just recently been released.

If you require a version that is backward compatible with a lower version than go 1.23 then you'll need to use release v1.3.0.

The following notes show the difference between 1.2.2 and the current version because 1.3.0 was a hotfix for go 1.22 and below.

What's Changed

New Contributors

Full Changelog: v1.2.2...v1.4.0

Contributors

moloch--, mbacalan, and 3 other contributors
Assets 2
Loading

v1.3.0

15 Jun 03:09
@jaitaiwan jaitaiwan
v1.3.0
19d52f4
Compare
Choose a tag to compare
v1.3.0

The maintainers of this repo merged a PR into main with the net/http.Cookie field Partitioned which is a field only available in go 1.23. As a result all usage of the main branch will not work unless users are on 1.23 which at the time of writing is currently unreleased. This broke the install for a number of users so the intent of this release is to push out a couple of features and bugfixes with the go 1.23 specific changes removed.

Releases should be used exclusively until go 1.23 is released.

What's Changed

New Contributors

Full Changelog: v1.2.2...v1.3.0

Contributors

moloch--, mbacalan, and 2 other contributors
Assets 2
Loading

Release v1.2.2

05 Nov 02:30
@coreydaley coreydaley
v1.2.2
3eed1c4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.2.2

What's Changed

New Contributors

Full Changelog: v1.2.1...v1.2.2

Contributors

mariusor, elithrar, and 4 other contributors
Assets 2
Loading

v1.2.1 ✏️

22 Aug 21:06
@release-drafter release-drafter
v1.2.1
61fa50d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2.1 ✏️

A minor maintenance release that improves documentation and two new third-party store implementations.

CHANGELOG

Assets 2
Loading

v1.2.0 💾

09 Jul 14:15
@release-drafter release-drafter
v1.2.0
4355a99
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2.0 💾

This release removes gorilla/context as a dependency. sessions now requires Go 1.7 or greater (released August, 2016), which provides a first-class request context for sessions and reduces user-facing complexity.

CHANGELOG

Assets 2
Loading

Bug Fix: SameSite

05 Oct 13:13
@release-drafter release-drafter
v1.1.3
f57b7e2
Compare
Choose a tag to compare
Bug Fix: SameSite

This release fixes an oversight in how cookie options were copied internally, impacting SameSite cookie settings.

CHANGELOG

  • [docs] Improve advice around key generation & usage. (#168) @elithrar
  • Set http.Cookie's SameSite field in NewCookie for Go 1.11 or later (#170) @nwidger
Assets 2
Loading

v1.1.2 - SameSite Cookie Support

03 Sep 15:53
@release-drafter release-drafter
v1.1.2
8154739
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.2 - SameSite Cookie Support

gorilla/sessions now supports the SameSite cookie attribute added in Go 1.11.

Cookies with this set (in Strict mode, preferably) are only sent on requests originating from the same origin at as the cookie domain, rather than for all requests to that domain no matter the origin.

You can set SameSite on a session by setting session.Options.SameSite to a valid value:

func MyHandler(w http.ResponseWriter, r *http.Request) {
	session, err := store.Get(r, "session-name")
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	// Set the SameSite mode via one of the typed constants described
	// at https://golang.org/pkg/net/http/#SameSite
	session.Options = &sessions.Options{SameSite: http.SameSiteStrictMode}

	if err := session.Save(r, w); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
}

You can read more about the SameSite attribute on Mozilla's blog, or inthe RFC itself.

CHANGELOG

Assets 2
Loading

v1.1.1

06 Jun 18:07
@elithrar elithrar
v1.1.1
03b6f63
Compare
Choose a tag to compare
v1.1.1

Versioning v1.1.1 to correctly comply with SemVer.

CHANGELOG
03b6f63 Add AUTHORS file; update LICENSE (#158)
9ee0d62 [build] Update deps to correct SemVer tags (#153)
a2f2a3d replacing travis badge with scaling svg (#147)
92b749d Add link to XORM store implementation (#149)
7910f5b Added description about Max-Age field in Options (#148)
7087b4d Add go.mod file for vgo dependency management. (#145)
6ba88b7 Prevent panic in NewSession function (#140)
41ee504 Add link to memstore implementation (#143)
fe21b6a Update doc.go (#127)
a3acf13 Add missing error check (#123)

Assets 2
Loading

v1.1

23 Sep 05:40
@elithrar elithrar
v1.1
ca9ada4
Compare
Choose a tag to compare
v1.1
  • gorilla/sessions has long needed an official release (although, strict version tags were less useful prior to vendoring tools)
  • This version is the last version that supports gorilla/context going forward due to the incompability between its global map of *http.Requests and Go 1.7's new http.Request.WithContext(). The shallow copy of the request changes the address, causing gorilla/context's map to point to the old request.
Assets 2
Loading