1.6.0

• Add deprecation message to undefined resave option
• Add deprecation message to undefined saveUninitialized option
• Fix res.end patch to return correct value
• Fix res.end patch to handle multiple res.end calls
• Reject cookies with missing signatures

1.5.2

• deps: cookie-signature@1.0.4
  • fix for timing attacks

1.5.1

• Move hard-to-track-down req.secret deprecation message

1.5.0

• Debug name is now "express-session"
• Deprecate integration with cookie-parser middleware
• Deprecate looking for secret in req.secret
• Directly read cookies; cookie-parser no longer required
• Directly set cookies; res.cookie no longer required
• Generate session IDs with uid-safe, faster and even less collisions

1.4.0

• Add genid option to generate custom session IDs
• Add saveUninitialized option to control saving uninitialized sessions
• Add unset option to control unsetting req.session
• Generate session IDs with rand-token by default; reduce collisions
• deps: buffer-crc32@0.2.3

1.3.1

• Add description in package for npmjs.org listing

1.3.0

• Integrate with express "trust proxy" by default
• deps: debug@1.0.2

1.2.1

• Fix resave such that resave: true works

1.2.0

• Add resave option to control saving unmodified sessions

1.1.0

• Add name option; replacement for key option
• Use setImmediate in MemoryStore for node.js >= 0.10