express-session 1.19.0

v1.19.0

on Node.js NPM

What's Changed

Main Changes

• Add dynamic cookie options support
  Cookie options can now be dynamic, allowing for more flexible and context-aware configuration based on each request. This feature enables programmatic modification of cookie attributes like secure, httpOnly, sameSite, maxAge, domain, and path based on session or request conditions.

  var app = express()
  app.use(session({
    secret: 'keyboard cat',
    resave: false,
    saveUninitialized: true,
    cookie: function (req) {
      var match = req.url.match(/^\/([^/]+)/);
      return {
        path: match ? '/' + match[1] : '/',
        httpOnly: true,
        secure: req.secure || false,
        maxAge: 60000
      }
    }
  }))

• Add sameSite 'auto' support for automatic SameSite attribute configuration
  Added sameSite: 'auto' option for cookie configuration that automatically sets SameSite=None for HTTPS and SameSite=Lax for HTTP connections, simplifying cookie handling across different environments.

• deps: use tilde notation for dependencies

PRs

• chore: add funding to package.json by @bjohansebas in #1071
• build(deps): bump actions/download-artifact from 4.3.0 to 6.0.0 by @dependabot[bot] in #1086
• build(deps): bump github/codeql-action from 3.28.18 to 4.31.2 by @dependabot[bot] in #1085
• build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 by @dependabot[bot] in #1091
• build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #1090
• build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 by @dependabot[bot] in #1089
• build(deps): bump actions/checkout from 4.2.2 to 6.0.0 by @dependabot[bot] in #1088
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.3 by @dependabot[bot] in #1082
• refactor: remove unused sess parameter from generateSessionId fun… by @Ayoub-Mabrouk in #1001
• chore: remove history.md from being packaged on publish by @bjohansebas in #1097
• deps: use tilde notation for dependencies by @bjohansebas in #1096
• Add sameSite 'auto' support to match secure 'auto' pattern by @djunehor in #1087
• feat: add support to dynamic cookie options by @lincond in #1027
• Release: 1.19.0 by @UlisesGascon in #1107

New Contributors

• @Ayoub-Mabrouk made their first contribution in #1001
• @djunehor made their first contribution in #1087
• @lincond made their first contribution in #1027

Full Changelog: v1.18.2...v1.19.0