From 12ac977a125cf094491c232916a0149ab0eb4695 Mon Sep 17 00:00:00 2001 From: Garion Herman Date: Fri, 30 Aug 2024 13:20:35 +0900 Subject: [PATCH] DOC Add notice regarding session renewal API changes --- en/08_Changelogs/6.0.0.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/en/08_Changelogs/6.0.0.md b/en/08_Changelogs/6.0.0.md index 41f22567..7ca5413e 100644 --- a/en/08_Changelogs/6.0.0.md +++ b/en/08_Changelogs/6.0.0.md @@ -27,6 +27,7 @@ title: 6.0.0 (unreleased) - [Other changes](#other-changes) - [MySQL 5 no longer supported](#mysql-5-support) - [`DBDecimal` default value](#dbdecimal-default-value) + - [Remember me token rotation](#remember-me-token-rotation) - [Full list of removed and changed API (by module, alphabetically)](#api-removed-and-changed) ## Features and enhancements @@ -384,6 +385,12 @@ MySQL 5.6 and 5.7 are no longer supported. The minimum supported version is MySQ Previously if an invalid default value was provided for a [`DBDecimal`](api:SilverStripe\ORM\FieldType\DBDecimal) database column, it would silently set the defalt value to `0`. This will now throw an exception instead, so that you're aware your configured value is invalid and can correct it. +### Remember me token rotation {#remember-me-token-rotation} + +[`RememberLoginHash`](api:SilverStripe\Security\RememberLoginHash) no longer rotates its token during session renewal, and related config to control this has been removed. This has no functional impact on the Remember Me feature, and resolves some edgecases that could trigger an unexpected logout. + +The related `onAfterRenewToken` extension hook has been renamed to `onAfterRenewSession`, and is triggered at the same logical step in the session renewal process. + ### Full list of removed and changed API (by module, alphabetically) {#api-removed-and-changed}