From 37e65b3785017a9d677afbc4c39800f2e0d25b79 Mon Sep 17 00:00:00 2001 From: Garion Herman Date: Fri, 30 Aug 2024 13:20:35 +0900 Subject: [PATCH] DOC Add notice regarding session renewal API changes --- en/08_Changelogs/6.0.0.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/en/08_Changelogs/6.0.0.md b/en/08_Changelogs/6.0.0.md index 41f22567..c0484db4 100644 --- a/en/08_Changelogs/6.0.0.md +++ b/en/08_Changelogs/6.0.0.md @@ -27,6 +27,7 @@ title: 6.0.0 (unreleased) - [Other changes](#other-changes) - [MySQL 5 no longer supported](#mysql-5-support) - [`DBDecimal` default value](#dbdecimal-default-value) + - [Remember Me token rotation](#remember-me-token-rotation) - [Full list of removed and changed API (by module, alphabetically)](#api-removed-and-changed) ## Features and enhancements @@ -384,6 +385,12 @@ MySQL 5.6 and 5.7 are no longer supported. The minimum supported version is MySQ Previously if an invalid default value was provided for a [`DBDecimal`](api:SilverStripe\ORM\FieldType\DBDecimal) database column, it would silently set the defalt value to `0`. This will now throw an exception instead, so that you're aware your configured value is invalid and can correct it. +### Remember Me token rotation {#remember-me-token-rotation} + +[`RememberLoginHash`](api:SilverStripe\Security\RememberLoginHash) no longer rotates its token during session renewal, and related config to control this has been removed. This has no functional impact on the Remember Me feature, and resolves some edgecases that could trigger an unexpected logout. + +The related `onAfterRenewToken` extension hook has been renamed to `onAfterRenewSession`, and is triggered at the same logical step in the session renewal process. + ### Full list of removed and changed API (by module, alphabetically) {#api-removed-and-changed}
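Review bot: In the second hunk, the new "Remember Me token rotation" paragraph says "related config to control this has been removed" without naming the configuration property, so someone upgrading has nothing to search their project config for. Name the removed property there, and make sure it also appears under the removed and changed API list that follows. For the hook rename, state whether `onAfterRenewSession` receives the same arguments as `onAfterRenewToken`, and say explicitly that extensions implementing the old method name need to be renamed. Since the token is no longer rotated on session renewal, "no functional impact" would be easier to trust with one sentence on why rotation is not needed for the security of the Remember Me token. Minor: "edgecases" should be "edge cases".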