gorilla/sessions
### [`v1.2.1`](https://togithub.com/gorilla/sessions/releases/tag/v1.2.1): ✏️
[Compare Source](https://togithub.com/gorilla/sessions/compare/v1.2.0...v1.2.1)
A minor maintenance release that improves documentation and two new third-party store implementations.
##### CHANGELOG
- Fix typo in README example ([#223](https://togithub.com/gorilla/sessions/issues/223)) [@Coteh](https://togithub.com/Coteh)
- Add link to implementation for CockroachDB ([#219](https://togithub.com/gorilla/sessions/issues/219)) [@stephenafamo](https://togithub.com/stephenafamo)
- fix CookieStore creation in doc.go ([#206](https://togithub.com/gorilla/sessions/issues/206)) [@collinewait](https://togithub.com/collinewait)
- Add Redis store implementation ([#202](https://togithub.com/gorilla/sessions/issues/202)) [@rbcervilla](https://togithub.com/rbcervilla)
- README.md: link Cloud Firestore implementation ([#201](https://togithub.com/gorilla/sessions/issues/201)) [@tbpg](https://togithub.com/tbpg)
- Added \_ = to indicate there is a return from Save ([#197](https://togithub.com/gorilla/sessions/issues/197)) [@adamjack](https://togithub.com/adamjack)
- Removed unused global var ([#199](https://togithub.com/gorilla/sessions/issues/199)) [@muesli](https://togithub.com/muesli)
### [`v1.2.0`](https://togithub.com/gorilla/sessions/releases/tag/v1.2.0): 💾
[Compare Source](https://togithub.com/gorilla/sessions/compare/v1.1.3...v1.2.0)
This release removes [gorilla/context](https://togithub.com/gorilla/context) as a dependency. *sessions* now requires **Go 1.7 or greater** (released August, 2016), which provides a first-class request context for sessions and reduces user-facing complexity.
##### CHANGELOG
- Update go.mod: removes gorilla/context ([#196](https://togithub.com/gorilla/sessions/issues/196)) [@elithrar](https://togithub.com/elithrar)
- Create config.yml ([#195](https://togithub.com/gorilla/sessions/issues/195)) [@elithrar](https://togithub.com/elithrar)
- merge Commits on Dec 09, 2018 ([#1](https://togithub.com/gorilla/sessions/issues/1)) [@liu-xuewen](https://togithub.com/liu-xuewen)
- - use golang context pkg instead of gorilla/context to fix memory leaks ([#175](https://togithub.com/gorilla/sessions/issues/175)) [@secracon](https://togithub.com/secracon)
- Update and rename stale to stale.yml ([#177](https://togithub.com/gorilla/sessions/issues/177)) [@elithrar](https://togithub.com/elithrar)
- Add stalebot config ([#176](https://togithub.com/gorilla/sessions/issues/176)) [@elithrar](https://togithub.com/elithrar)
- README: convert key to bytes before passing to NewCookieStore ([#174](https://togithub.com/gorilla/sessions/issues/174)) [@nikhita](https://togithub.com/nikhita)
- Run go mod tidy ([#171](https://togithub.com/gorilla/sessions/issues/171)) [@keegancsmith](https://togithub.com/keegancsmith)
### [`v1.1.3`](https://togithub.com/gorilla/sessions/releases/tag/v1.1.3): Bug Fix: SameSite
[Compare Source](https://togithub.com/gorilla/sessions/compare/v1.1.2...v1.1.3)
This release fixes an oversight in how cookie options were copied internally, impacting SameSite cookie settings.
##### CHANGELOG
- \[docs] Improve advice around key generation & usage. ([#168](https://togithub.com/gorilla/sessions/issues/168)) [@elithrar](https://togithub.com/elithrar)
- Set http.Cookie's SameSite field in NewCookie for Go 1.11 or later ([#170](https://togithub.com/gorilla/sessions/issues/170)) [@nwidger](https://togithub.com/nwidger)
### [`v1.1.2`](https://togithub.com/gorilla/sessions/releases/tag/v1.1.2): - SameSite Cookie Support
[Compare Source](https://togithub.com/gorilla/sessions/compare/v1.1.1...v1.1.2)
*gorilla/sessions* now supports the [`SameSite`](https://golang.org/pkg/net/http/#SameSite) cookie attribute added in Go 1.11.
Cookies with this set (in Strict mode, preferably) are only sent on requests originating *from* the same origin at as the cookie domain, rather than for all requests to that domain no matter the origin.
You can set `SameSite` on a session by setting `session.Options.SameSite` to a valid value:
```go
func MyHandler(w http.ResponseWriter, r *http.Request) {
session, err := store.Get(r, "session-name")
if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Set the SameSite mode via one of the typed constants described
// at https://golang.org/pkg/net/http/#SameSite
session.Options = &sessions.Options{SameSite: http.SameSiteStrictMode}
if err := session.Save(r, w); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
}
```
You can read more about the SameSite attribute on [Mozilla's blog](https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/), or inthe [RFC itself](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7).
##### CHANGELOG
- Create release-drafter.yml ([#166](https://togithub.com/gorilla/sessions/issues/166)) [@elithrar](https://togithub.com/elithrar)
- Update Travis CI to build against the latest Go ([#167](https://togithub.com/gorilla/sessions/issues/167)) [@elithrar](https://togithub.com/elithrar)
- Adds support for SameSite cookie attribute ([#165](https://togithub.com/gorilla/sessions/issues/165)) [@elithrar](https://togithub.com/elithrar)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v0.0.0-20160922145804-ca9ada445741->v1.2.1Release Notes
gorilla/sessions
### [`v1.2.1`](https://togithub.com/gorilla/sessions/releases/tag/v1.2.1): ✏️ [Compare Source](https://togithub.com/gorilla/sessions/compare/v1.2.0...v1.2.1) A minor maintenance release that improves documentation and two new third-party store implementations. ##### CHANGELOG - Fix typo in README example ([#223](https://togithub.com/gorilla/sessions/issues/223)) [@Coteh](https://togithub.com/Coteh) - Add link to implementation for CockroachDB ([#219](https://togithub.com/gorilla/sessions/issues/219)) [@stephenafamo](https://togithub.com/stephenafamo) - fix CookieStore creation in doc.go ([#206](https://togithub.com/gorilla/sessions/issues/206)) [@collinewait](https://togithub.com/collinewait) - Add Redis store implementation ([#202](https://togithub.com/gorilla/sessions/issues/202)) [@rbcervilla](https://togithub.com/rbcervilla) - README.md: link Cloud Firestore implementation ([#201](https://togithub.com/gorilla/sessions/issues/201)) [@tbpg](https://togithub.com/tbpg) - Added \_ = to indicate there is a return from Save ([#197](https://togithub.com/gorilla/sessions/issues/197)) [@adamjack](https://togithub.com/adamjack) - Removed unused global var ([#199](https://togithub.com/gorilla/sessions/issues/199)) [@muesli](https://togithub.com/muesli) ### [`v1.2.0`](https://togithub.com/gorilla/sessions/releases/tag/v1.2.0): 💾 [Compare Source](https://togithub.com/gorilla/sessions/compare/v1.1.3...v1.2.0) This release removes [gorilla/context](https://togithub.com/gorilla/context) as a dependency. *sessions* now requires **Go 1.7 or greater** (released August, 2016), which provides a first-class request context for sessions and reduces user-facing complexity. ##### CHANGELOG - Update go.mod: removes gorilla/context ([#196](https://togithub.com/gorilla/sessions/issues/196)) [@elithrar](https://togithub.com/elithrar) - Create config.yml ([#195](https://togithub.com/gorilla/sessions/issues/195)) [@elithrar](https://togithub.com/elithrar) - merge Commits on Dec 09, 2018 ([#1](https://togithub.com/gorilla/sessions/issues/1)) [@liu-xuewen](https://togithub.com/liu-xuewen) - - use golang context pkg instead of gorilla/context to fix memory leaks ([#175](https://togithub.com/gorilla/sessions/issues/175)) [@secracon](https://togithub.com/secracon) - Update and rename stale to stale.yml ([#177](https://togithub.com/gorilla/sessions/issues/177)) [@elithrar](https://togithub.com/elithrar) - Add stalebot config ([#176](https://togithub.com/gorilla/sessions/issues/176)) [@elithrar](https://togithub.com/elithrar) - README: convert key to bytes before passing to NewCookieStore ([#174](https://togithub.com/gorilla/sessions/issues/174)) [@nikhita](https://togithub.com/nikhita) - Run go mod tidy ([#171](https://togithub.com/gorilla/sessions/issues/171)) [@keegancsmith](https://togithub.com/keegancsmith) ### [`v1.1.3`](https://togithub.com/gorilla/sessions/releases/tag/v1.1.3): Bug Fix: SameSite [Compare Source](https://togithub.com/gorilla/sessions/compare/v1.1.2...v1.1.3) This release fixes an oversight in how cookie options were copied internally, impacting SameSite cookie settings. ##### CHANGELOG - \[docs] Improve advice around key generation & usage. ([#168](https://togithub.com/gorilla/sessions/issues/168)) [@elithrar](https://togithub.com/elithrar) - Set http.Cookie's SameSite field in NewCookie for Go 1.11 or later ([#170](https://togithub.com/gorilla/sessions/issues/170)) [@nwidger](https://togithub.com/nwidger) ### [`v1.1.2`](https://togithub.com/gorilla/sessions/releases/tag/v1.1.2): - SameSite Cookie Support [Compare Source](https://togithub.com/gorilla/sessions/compare/v1.1.1...v1.1.2) *gorilla/sessions* now supports the [`SameSite`](https://golang.org/pkg/net/http/#SameSite) cookie attribute added in Go 1.11. Cookies with this set (in Strict mode, preferably) are only sent on requests originating *from* the same origin at as the cookie domain, rather than for all requests to that domain no matter the origin. You can set `SameSite` on a session by setting `session.Options.SameSite` to a valid value: ```go func MyHandler(w http.ResponseWriter, r *http.Request) { session, err := store.Get(r, "session-name") if err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } // Set the SameSite mode via one of the typed constants described // at https://golang.org/pkg/net/http/#SameSite session.Options = &sessions.Options{SameSite: http.SameSiteStrictMode} if err := session.Save(r, w); err != nil { http.Error(w, err.Error(), http.StatusBadRequest) return } } ``` You can read more about the SameSite attribute on [Mozilla's blog](https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/), or inthe [RFC itself](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7). ##### CHANGELOG - Create release-drafter.yml ([#166](https://togithub.com/gorilla/sessions/issues/166)) [@elithrar](https://togithub.com/elithrar) - Update Travis CI to build against the latest Go ([#167](https://togithub.com/gorilla/sessions/issues/167)) [@elithrar](https://togithub.com/elithrar) - Adds support for SameSite cookie attribute ([#165](https://togithub.com/gorilla/sessions/issues/165)) [@elithrar](https://togithub.com/elithrar)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.