This repository has been archived by the owner on Jul 15, 2020. It is now read-only.

Release v2.4.4

@iaincollins iaincollins released this 09 Feb 17:57
· 231 commits to master since this release

This release features email-only authentication, with CSRF protection and httpOnly cookies to protect against XSS exploits.

It is the first release to feature a fully implemented session class, which includes the ability to specify how long a client should consider a session valid before it checks with the server again.

This value can be 0 (to force the client to check the session state on every page navigation or interaction with the session component, which is how sessions behave normally with server-only rendering) or 30 seconds or longer, to reduce the amount of traffic to the server, which will make navigating between pages faster for users.

The default value for 'clientMaxAge' has been set to 60 seconds and, like all other auth options, can be configured when 'routes/auth.js' is invoked. Note that this is distinct from (and less than) the actual session maxAge.

Note: Regardless of this value, users will always see their session status updated immediately if they sign in or out, as that information is shared between tabs and windows.
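
The clientMaxAge behaviour described above, as an added example (not code from this repository): `ClientSession`, `fetchSession`, `now` and `staleWindowDemo` are hypothetical names, the server check is modelled as a synchronous callback, and ages are in seconds. It shows the trade-off the setting controls: with a non-zero value, a session that has ended on the server still looks valid to the client until the cached copy ages out.

```javascript
// Added illustration of a client-side session cache governed by clientMaxAge.
// All names here are hypothetical; this is not the project's session class.
class ClientSession {
  // clientMaxAge is in seconds (assumption); 0 means "always ask the server".
  constructor({ clientMaxAge, fetchSession, now = () => Date.now() / 1000 }) {
    this.clientMaxAge = clientMaxAge;
    this.fetchSession = fetchSession; // stands in for the request to the server
    this.now = now;                   // injectable clock so expiry can be tested
    this.cached = null;
    this.fetchedAt = null;
    this.serverChecks = 0;
  }

  // Return the session, contacting the server only when the cached copy
  // is missing or at least clientMaxAge seconds old.
  get() {
    const fresh = this.fetchedAt !== null &&
      this.clientMaxAge > 0 &&
      this.now() - this.fetchedAt < this.clientMaxAge;
    if (!fresh) {
      this.cached = this.fetchSession();
      this.fetchedAt = this.now();
      this.serverChecks += 1;
    }
    return this.cached;
  }

  // Sign in/out events (including ones relayed from other tabs) drop the
  // cached copy so the next read reflects the new state immediately.
  invalidate() {
    this.cached = null;
    this.fetchedAt = null;
  }
}

// Constructed scenario: the server ends the session at t = 10 s while the
// client still holds a copy fetched at t = 0.
function staleWindowDemo(clientMaxAge) {
  let t = 0;
  let serverState = { user: 'alice@example.com' }; // constructed sample value
  const s = new ClientSession({
    clientMaxAge, fetchSession: () => serverState, now: () => t,
  });
  s.get();                      // t = 0: initial server check
  t = 10; serverState = null;   // session ends on the server
  const at10s = s.get();
  t = 61;
  const at61s = s.get();
  return { at10s, at61s, serverChecks: s.serverChecks };
}
```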

Future releases will see updates and refactoring to the authentication to add new features. If you wish to just reference a simpler release, this would be an appropriate release to choose.