7.0.0
This release renames the default session cookie to add a __Secure- prefix, which, in compliant user agents, means that the cookie will be rejected when used in insecure contexts (such as HTTPS to HTTP downgrade).
This change is a major BC break, since upgrading the library will now lead to active sessions being dropped when deploying an application with this new version.
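The following is an added example, not code from this library: a model of the acceptance check a compliant user agent applies to prefixed cookie names, following the cookie-prefixes draft referenced below. It goes slightly beyond this release by also covering the draft's `__Host-` prefix; the function name, cookie names and sample headers are constructed for illustration.

```javascript
// Added example: models the user-agent side of the cookie-prefix rules.
// acceptsPrefixedCookie() and all sample values are constructed, not library code.
function acceptsPrefixedCookie(setCookieHeader, requestUrl) {
  const [pair, ...attrParts] = setCookieHeader.split(';');
  const eq = pair.indexOf('=');
  if (eq < 1) return false; // treated as malformed in this model: no name=value
  const name = pair.slice(0, eq).trim();

  // Attribute names are case-insensitive; values are kept as sent.
  const attrs = new Map();
  for (const part of attrParts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs.set(key, i === -1 ? '' : part.slice(i + 1).trim());
  }

  const secureOrigin = new URL(requestUrl).protocol === 'https:';
  const hasSecure = attrs.has('secure');

  if (name.startsWith('__Secure-')) {
    // Must carry the Secure attribute and be set from a secure origin.
    return hasSecure && secureOrigin;
  }
  if (name.startsWith('__Host-')) {
    // Additionally: no Domain attribute and Path must be exactly "/".
    return hasSecure && secureOrigin &&
      !attrs.has('domain') && attrs.get('path') === '/';
  }
  return true; // unprefixed names carry no extra requirements
}

// Constructed sample responses: [Set-Cookie value, URL it was received from].
const samples = [
  ['__Secure-session=abc; Secure; HttpOnly; Path=/', 'https://app.example/'],
  ['__Secure-session=abc; Secure; HttpOnly; Path=/', 'http://app.example/'],
  ['__Secure-session=abc; HttpOnly; Path=/', 'https://app.example/'],
  ['session=abc; HttpOnly; Path=/', 'http://app.example/'],
];
for (const [header, url] of samples) {
  console.log(acceptsPrefixedCookie(header, url) ? 'accept' : 'reject', url, header);
}
```

A deployment that terminates TLS at a proxy and talks plain HTTP to the application still has to emit the `Secure` attribute, otherwise compliant browsers discard the renamed cookie.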
References:
- https://scotthelme.co.uk/tough-cookies/
- https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00
Total issues resolved: 3