Release 3.9

Fixed

• Fix #138 issue of chunked cookies are not expired when session shrinks,
  thanks @alexdowad.
• Fix #134 where regenerate strategy destroyed previous session when calling
  session:regenerate, it should just ttl the old session, thanks @hoebelix

Added

• AES GCM mode support was added to AES cipher.
  This is recommended, but for backward compatibility it was not set as default.
  It will be changed in 4.0 release.
• Redis ACL authentication is now available.
  • Add session_redis_username
  • Add session_redis_password
  • Deprecate session_redis_auth; use session_redis_password

Changed

• Optimize Redis and Memcache storage adapters to not connect to database
  when not needed.

Release 3.8

Added

• Connection options are now passed to redis cluster client as well.

Release 3.7

Fixed

• Fix #107 where session.start could release a lock for a short period

Added

• Add keep_lock argument to session.open
• Add pluggable compressors, and implement none and zlib compressor

Release 3.6

Fixed

• Fix session:hide() to only send a single Cookie header at most as reported by @jharriman who also provided a fix with #103. Thank you!

Release 3.5

Fixed

• Fix session:hide() to not clear non-session request cookies that it seemed to do in some cases as reported by @altexy who also provided initial fix with #100. Thank you!

Release 3.4

Fixed

• Fix session_cookie_maxsize - error attempt to compare string with number,
  fixes #98, thank you @vavra5

Changed

• More robust and uniform configuration parsing

Release 3.3

Fixed

• Fix set_timeouts is only called if all parameters are available,
  should fix #96, thank you @notdodo.

Added

• Add $session_memcache_connect_timeout configuration option
• Add $session_memcache_read_timeout configuration option
• Add $session_memcache_send_timeout configuration option
• Add $session_memcache_pool_name configuration option
• Add $session_memcache_pool_backlog configuration option
• Add $session_dshm_connect_timeout configuration option
• Add $session_dshm_read_timeout configuration option
• Add $session_dshm_send_timeout configuration option
• Add $session_dshm_pool_name configuration option
• Add $session_dshm_pool_backlog configuration option

Release 3.2

Added

• Support for Redis clusters
• Add $session_redis_connect_timeout configuration option
• Add $session_redis_read_timeout configuration option
• Add $session_redis_send_timeout configuration option
• Add $session_redis_pool_name configuration option
• Add $session_redis_pool_backlog configuration option
• Add $session_redis_cluster_name configuration option
• Add $session_redis_cluster_dict configuration option
• Add $session_redis_cluster_maxredirections configuration option
• Add $session_redis_cluster_nodes configuration option

Release 3.1

Added

• A more flexible way to specify custom implementations:
  require "resty.session".new { storage = require "my.storage"

Release 3.0

Fixed

• Lock releasing is a lot more robust now

Added

• Add idletime setting (thanks @Tieske), see session.cookie.idletime
• Add support for Cookie prefixes __Host- and __Secure- on Cookie
  name (see: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-4.1.3)

Changed

• The whole codebase was refactored and simplified, especially implementing
  new storage adapters is now a lot easier
• Redis and Memcached spinlockwait was changed from microseconds to milliseconds and default
  is set to 150 milliseconds,
• Redis and Memcache will only release locks that current session instance holds
• DSHM session_dshm_store was renamed to session_dshm_region
• BASE64 encoding now strips the padding