v0.10.2

What's Changed

• Ensure "Path" and "Domain" are set on removal cookie #154

Full Changelog: v0.10.1...v0.10.2

v0.10.1

What's Changed

• Ensure Expires: Session. #149

Full Changelog: v0.10.0...v0.10.1

v0.10.0

What's Changed

Breaking Changes

• Improve session ID #141
• Relocate previously bundled stores #145
• Move service out of core #146

Session IDs are now represented as base64-encoded i128s, boast 128 bits of entropy, and are shorter, saving network bandwidth and improving the secure nature of sessions.

We no longer bundle session stores via feature flags and as such applications must be updated to require the stores directly. For example, applications that use the tower-sessions-sqlx-store should update their Cargo.toml like so:

tower-sessions = "0.10.0"
tower-sessions-sqlx-store = { version = "0.10.0", features = ["sqlite"] }

Assuming a SQLite store, as an example.

Furthermore, imports will also need to be updated accordingly. For example:

use std::net::SocketAddr;

use axum::{response::IntoResponse, routing::get, Router};
use serde::{Deserialize, Serialize};
use time::Duration;
use tower_sessions::{session_store::ExpiredDeletion, Expiry, Session, SessionManagerLayer};
use tower_sessions_sqlx_store::{sqlx::SqlitePool, SqliteStore};

const COUNTER_KEY: &str = "counter";

#[derive(Serialize, Deserialize, Default)]
struct Counter(usize);

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    let pool = SqlitePool::connect("sqlite::memory:").await?;
    let session_store = SqliteStore::new(pool);
    session_store.migrate().await?;

    let deletion_task = tokio::task::spawn(
        session_store
            .clone()
            .continuously_delete_expired(tokio::time::Duration::from_secs(60)),
    );

    let session_layer = SessionManagerLayer::new(session_store)
        .with_secure(false)
        .with_expiry(Expiry::OnInactivity(Duration::seconds(10)));

    let app = Router::new().route("/", get(handler)).layer(session_layer);

    let addr = SocketAddr::from(([127, 0, 0, 1], 3000));
    let listener = tokio::net::TcpListener::bind(&addr).await?;
    axum::serve(listener, app.into_make_service()).await?;

    deletion_task.await??;

    Ok(())
}

async fn handler(session: Session) -> impl IntoResponse {
    let counter: Counter = session.get(COUNTER_KEY).await.unwrap().unwrap_or_default();
    session.insert(COUNTER_KEY, counter.0 + 1).await.unwrap();
    format!("Current count: {}", counter.0)
}

Finally, the service itself has been moved out of the core crate, which makes this crate smaller as well as establishes better boundaries between code.

Thank you for bearing with us: we are approaching longer term stability and aim to minimize churn going forward as we begin to move toward a 1.0 release.

New Contributors

• @bekriebel made their first contribution in #140
• @nul-reference made their first contribution in #141

Full Changelog: v0.9.1...v0.10.0

v0.9.1

What's Changed

• Ensure clear works before record loading by @martinetd in #134

New Contributors

• @martinetd made their first contribution in #134

Full Changelog: v0.9.0...v0.9.1

v0.9.0

What's Changed

Breaking Changes

• Make service infallible. #132

This updates the service such that it always returns a response directly. In practice this means that e.g. axum applications no longer need the HandleErrorLayer and instead can use the layer directly. Note that if you use other fallible tower middleware, you will still need to use HandleErrorLayer.

As such we've also remove the MissingCookies and MissingId variants from the session error enum.

New Contributors

• @imbolc made their first contribution in #126

Full Changelog: v0.8.2...v0.9.0

v0.8.2

What's Changed

• Add PartialEq for Record to facilitate testing by @rynoV in #125

New Contributors

• @rynoV made their first contribution in #125

Full Changelog: v0.8.1...v0.8.2

v0.8.1

What's Changed

• Allow constructing a RedisStore from a RedisPool by @thallada in #122

New Contributors

• @thallada made their first contribution in #122

Full Changelog: v0.8.0...v0.8.1

v0.8.0

What's Changed

Breaking Changes

• Lazy sessions. #112

Among other things, session methods are now entirely async, meaning applications must be updated to await these methods in order to migrate.

Separately, SessionStore has been updated to use a Record intermediary. As such, SessionStore implementations must be updated accordingly.

Session stores now use a concrete error type that must be used in implementations of SessionStore.

The secure cookie attribute now defaults to true.

Full Changelog: v0.7.0...v0.8.0

v0.7.0

What's Changed

Breaking Changes

• Bump axum-core to 0.4.0, http to 1.0, tower-cookies to 0.10.0. #107

This brings tower-cookies up-to-date which includes an update to the cookies crate.

New Contributors

• @cole-h made their first contribution in #107

Full Changelog: v0.6.0...v0.7.0

v0.6.0

What's Changed

Breaking Changes

• Remove concurrent shared memory access support; this may also address some performance degradations. #91
• Related to shared memory support, we also remove replace_if_equal, as it is no longer relevant. #91

Other Changes

• Allow setting up table and schema name for Postgres. #93

New Contributors

• @czocher made their first contribution in #93

Full Changelog: v0.5.1...v0.6.0