Zend Session Laravel Package

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #123 fixes a bug preventing two first hash functions from hash_algos() (usually md2 and md4) from being used in SessionConfig::setHashFunction.

Added

• #115 adds support for PHP 7.3.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• #115 removes support for zend-stdlib v2 releases.

Fixed

• Nothing.

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #122 fixes type check for configuration of session storage. Allows input to be an instance of ArrayAccess or an array.

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #120 fixes issue "Commands out of sync; you can't run this command now" with DbTableGateway save handler while using Mysqli adapter.

• #106 fixes issue with Garbage collection of MongoDB save handler where maxlifetime is provided in seconds.

• #114 fixes Validator\Id compatibility with PHP 7.1. INI setting session.sid_bits_per_character can be now used with PHP 7.1+ instead of session.hash_bits_per_character (used with PHP versions prior to 7.1).

  In some very specific situations this can lead to an issue with previously generated sessions. See issue #121.

• #118 avoid unnecessary phpinfo() call when register own save handler which is an object.

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #108 fixes a dependency conflict in composer.json which prevented phpunit/phpunit 6.5 or newer from being installed together with zendframework/zend-session.

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #107 fixes an error raised by ini_set() within SessionConfig::setStorageOption() that occurs for certain INI values that cannot be set if the session is active. When this situation occurs, the class performs a session_write_close(), sets the new INI value, and then restarts the session. As such, we recommend that you either set production INI values in your production php.ini, and/or always pass your fully configured session manager to container instances you create.

• #105 fixes an edge case whereby if the special __ZF session value is a non-array value, initializing the session would result in errors.

• #102 fixes an issue introduced with 2.8.0 with AbstractContainer::offsetGet. Starting in 2.8.0, if the provided $key did not exist, the method would raise an error regarding an invalid variable reference; this release provides a fix that resolves that issue.

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #101 fixes an issue created with the 2.8.2 release with regards to setting a session save path for non-files save handlers; prior to this patch, incorrect validations were run on the path provided, leading to unexpected exceptions being raised.

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #85 fixes an issue with how the expiration seconds are handled when a long-running request occurs. Previously, when called, it would use the value of $_SERVER['REQUEST_TIME'] to calculate the expiration time; this would cause failures if the expiration seconds had been reached by the time the value was set. It now correctly uses the current time().

• #99 fixes how Zend\Session\Config\SessionConfig handles attaching save handlers to ensure it will honor any handlers registered with the PHP engine (e.g., redis, rediscluster, etc.).

Added

• #92 adds PHP 7.2 support.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #57 and #93 provide a fix for when data found in the session is a Traversable; such data is now cast to an array before merging with new data.

Added

• #78 adds support for PHP 7.1, and specifically the following options:
  • session.sid_length
  • session.sid_bits_per_character

Changed

• #73 modifies the SessionManagerFactory to take into account the $requestedName; if the $requestedName is the name of a class that implements ManagerInterface, that class will be instantiated instead of SessionManager, but using the same arguments ($config, $storage, $savehandler, $validators, $options).

• #78 updates the SessionConfig class to emit deprecation notices under PHP 7.1+ when a user attempts to set INI options no longer supported by PHP 7.1+, including:

  • session.entropy_file
  • session.entropy_length
  • session.hash_function
  • session.hash_bits_per_character

Deprecated

• Nothing.

Removed

• #78 removes support for PHP 5.5.

• #78 removes support for HHVM.

Fixed

• Nothing.

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #66 fixes how the Cache save handler's destroy() method works, ensuring it does not attempt to remove an item by $id if it does not already exist in the cache.
• #79 updates the signature of AbstractContainer::offsetGet() to match Zend\Stdlib\ArrayObject and return by reference, fixing an issue when running under PHP 7.1+.

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #51 provides a fix to the DbTableGateway save handler to prevent infinite recursion when attempting to destroy an expired record during initial read operations.
• #45 updates the SessionManager::regenerateId() method to only regenerate the identifier if a session already exists.

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #46 provides fixes to each of the Cache and DbTaleGateway save handlers to ensure they work when used under PHP 7.

Added

• #40 adds and publishes the documentation to https://zendframework.github.io/zend-session/

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #38 ensures that the value from session.gc_maxlifetime is cast to an integer before assigning it as the lifetime value in the MongoDB adapter, ensuring sessions may be deleted.

Added

• #23 provides a new Id validator to ensure that the session identifier is not malformed. This validator is now enabled by default; to disable it, pass ['attach_default_validators' => false] as the fifth argument to SessionManager, or pass an options array with that value under the session_manager configuration key.
• #34 adds the option to use exporeAfterSeconds with the MongoDB save handler.
• #37 exposes the package as a standalone config-provider/component, adding:
  • Zend\Session\ConfigProvider, which maps the default services offered by the package, including the ContainerAbstractServiceFactory.
  • Zend\Session\Module, which does the same, but for zend-mvc contexts.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #34 updates the component to use ext/mongodb + the MongoDB PHP client library, instead of ext/mongo, for purposes of the MongoDB save handler, allowing the component to be used with modern MongoDB installations.

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #32 provides a better polfill for the ValidatorChain to ensure it can be represented in auto-generated classmaps (e.g., via composer dump-autoload --optimize and/or composer dump-autoload --classmap-authoritative).

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #29 extracts the constructor defined in Zend\Session\Validator\ValidatorChainTrait and pushes it into each of the ValidatorChainEM2 and ValidatorChainEM3 implementations, to prevent colliding constructor definitions due to inheritance + trait usage.

Added

• #29 adds two new classes: Zend\Session\Validator\ValidatorChainEM2 and ValidatorChainEM3. Due to differences in the EventManagerInterface::attach() method between zend-eventmanager v2 and v3, and the fact that ValidatorChain overrides that method, we now need an implementation targeting each major version. To provide a consistent use case, we use a polyfill that aliases the appropriate version to the Zend\Session\ValidatorChain class.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #29 updates the code to be forwards compatible with the v3 releases of zend-eventmanager and zend-servicemanager.
• #7 Mongo save handler was using sprintf formatting without sprintf.

Added

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• #3 Utilize SaveHandlerInterface vs. our own.

• #2 detect session exists by use of PHP_SESSION_ACTIVE

Added

• Nothing.

Changed

• Nothing.

Deprecated

• Nothing.

Removed

• Nothing.

Fixed

• Nothing.