# Changelog All notable changes to this project will be documented in this file, in reverse chronological order by release. ## 2.8.7 - 2019-09-19 ### Added - Nothing. ### Changed - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#122](https://github.com/zendframework/zend-session/pull/122) fixes type check for configuration of session storage. Allows input to be an instance of ArrayAccess or an array. ## 2.8.6 - 2019-08-11 ### Added - Nothing. ### Changed - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#120](https://github.com/zendframework/zend-session/pull/120) fixes issue "Commands out of sync; you can't run this command now" with DbTableGateway save handler while using Mysqli adapter. - [#106](https://github.com/zendframework/zend-session/pull/106) fixes issue with Garbage collection of MongoDB save handler where maxlifetime is provided in seconds. - [#114](https://github.com/zendframework/zend-session/pull/114) fixes Validator\Id compatibility with PHP 7.1. INI setting `session.sid_bits_per_character` can be now used with PHP 7.1+ instead of `session.hash_bits_per_character` (used with PHP versions prior to 7.1). In some very specific situations this can lead to an issue with previously generated sessions. See issue [#121](https://github.com/zendframework/zend-session/issues/121). - [#118](https://github.com/zendframework/zend-session/pull/118) avoid unnecessary phpinfo() call when register own save handler which is an object. ## 2.8.5 - 2018-02-22 ### Added - Nothing. ### Changed - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#108](https://github.com/zendframework/zend-session/pull/108) fixes a dependency conflict in `composer.json` which prevented `phpunit/phpunit` 6.5 or newer from being installed together with `zendframework/zend-session`. ## 2.8.4 - 2018-01-31 ### Added - Nothing. ### Changed - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#107](https://github.com/zendframework/zend-session/pull/107) fixes an error raised by `ini_set()` within `SessionConfig::setStorageOption()` that occurs for certain INI values that cannot be set if the session is active. When this situation occurs, the class performs a `session_write_close()`, sets the new INI value, and then restarts the session. As such, we recommend that you either set production INI values in your production `php.ini`, and/or always pass your fully configured session manager to container instances you create. - [#105](https://github.com/zendframework/zend-session/pull/105) fixes an edge case whereby if the special `__ZF` session value is a non-array value, initializing the session would result in errors. - [#102](https://github.com/zendframework/zend-session/pull/102) fixes an issue introduced with 2.8.0 with `AbstractContainer::offsetGet`. Starting in 2.8.0, if the provided `$key` did not exist, the method would raise an error regarding an invalid variable reference; this release provides a fix that resolves that issue. ## 2.8.3 - 2017-12-01 ### Added - Nothing. ### Changed - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#101](https://github.com/zendframework/zend-session/pull/101) fixes an issue created with the 2.8.2 release with regards to setting a session save path for non-files save handlers; prior to this patch, incorrect validations were run on the path provided, leading to unexpected exceptions being raised. ## 2.8.2 - 2017-11-29 ### Added - Nothing. ### Changed - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#85](https://github.com/zendframework/zend-session/pull/85) fixes an issue with how the expiration seconds are handled when a long-running request occurs. Previously, when called, it would use the value of `$_SERVER['REQUEST_TIME']` to calculate the expiration time; this would cause failures if the expiration seconds had been reached by the time the value was set. It now correctly uses the current `time()`. - [#99](https://github.com/zendframework/zend-session/pull/99) fixes how `Zend\Session\Config\SessionConfig` handles attaching save handlers to ensure it will honor any handlers registered with the PHP engine (e.g., redis, rediscluster, etc.). ## 2.8.1 - 2017-11-28 ### Added - [#92](https://github.com/zendframework/zend-session/pull/92) adds PHP 7.2 support. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#57](https://github.com/zendframework/zend-session/pull/57) and [#93](https://github.com/zendframework/zend-session/pull/93) provide a fix for when data found in the session is a `Traversable`; such data is now cast to an array before merging with new data. ## 2.8.0 - 2017-06-19 ### Added - [#78](https://github.com/zendframework/zend-session/pull/78) adds support for PHP 7.1, and specifically the following options: - `session.sid_length` - `session.sid_bits_per_character` ### Changed - [#73](https://github.com/zendframework/zend-session/pull/73) modifies the `SessionManagerFactory` to take into account the `$requestedName`; if the `$requestedName` is the name of a class that implements `ManagerInterface`, that class will be instantiated instead of `SessionManager`, but using the same arguments (`$config, $storage, $savehandler, $validators, $options`). - [#78](https://github.com/zendframework/zend-session/pull/78) updates the `SessionConfig` class to emit deprecation notices under PHP 7.1+ when a user attempts to set INI options no longer supported by PHP 7.1+, including: - `session.entropy_file` - `session.entropy_length` - `session.hash_function` - `session.hash_bits_per_character` ### Deprecated - Nothing. ### Removed - [#78](https://github.com/zendframework/zend-session/pull/78) removes support for PHP 5.5. - [#78](https://github.com/zendframework/zend-session/pull/78) removes support for HHVM. ### Fixed - Nothing. ## 2.7.4 - 2017-06-19 ### Added - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#66](https://github.com/zendframework/zend-session/pull/66) fixes how the `Cache` save handler's `destroy()` method works, ensuring it does not attempt to remove an item by `$id` if it does not already exist in the cache. - [#79](https://github.com/zendframework/zend-session/pull/79) updates the signature of `AbstractContainer::offsetGet()` to match `Zend\Stdlib\ArrayObject` and return by reference, fixing an issue when running under PHP 7.1+. ## 2.7.3 - 2016-07-05 ### Added - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#51](https://github.com/zendframework/zend-session/pull/51) provides a fix to the `DbTableGateway` save handler to prevent infinite recursion when attempting to destroy an expired record during initial read operations. - [#45](https://github.com/zendframework/zend-session/pull/45) updates the `SessionManager::regenerateId()` method to only regenerate the identifier if a session already exists. ## 2.7.2 - 2016-06-24 ### Added - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#46](https://github.com/zendframework/zend-session/pull/46) provides fixes to each of the `Cache` and `DbTaleGateway` save handlers to ensure they work when used under PHP 7. ## 2.7.1 - 2016-05-11 ### Added - [#40](https://github.com/zendframework/zend-session/pull/40) adds and publishes the documentation to https://zendframework.github.io/zend-session/ ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#38](https://github.com/zendframework/zend-session/pull/38) ensures that the value from `session.gc_maxlifetime` is cast to an integer before assigning it as the `lifetime` value in the `MongoDB` adapter, ensuring sessions may be deleted. ## 2.7.0 - 2016-04-12 ### Added - [#23](https://github.com/zendframework/zend-session/pull/23) provides a new `Id` validator to ensure that the session identifier is not malformed. This validator is now enabled by default; to disable it, pass `['attach_default_validators' => false]` as the fifth argument to `SessionManager`, or pass an `options` array with that value under the `session_manager` configuration key. - [#34](https://github.com/zendframework/zend-session/pull/34) adds the option to use `exporeAfterSeconds` with the `MongoDB` save handler. - [#37](https://github.com/zendframework/zend-session/pull/37) exposes the package as a standalone config-provider/component, adding: - `Zend\Session\ConfigProvider`, which maps the default services offered by the package, including the `ContainerAbstractServiceFactory`. - `Zend\Session\Module`, which does the same, but for zend-mvc contexts. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#34](https://github.com/zendframework/zend-session/pull/34) updates the component to use ext/mongodb + the MongoDB PHP client library, instead of ext/mongo, for purposes of the `MongoDB` save handler, allowing the component to be used with modern MongoDB installations. ## 2.6.2 - 2016-02-25 ### Added - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#32](https://github.com/zendframework/zend-session/pull/32) provides a better polfill for the `ValidatorChain` to ensure it can be represented in auto-generated classmaps (e.g., via `composer dump-autoload --optimize` and/or `composer dump-autoload --classmap-authoritative`). ## 2.6.1 - 2016-02-23 ### Added - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#29](https://github.com/zendframework/zend-session/pull/29) extracts the constructor defined in `Zend\Session\Validator\ValidatorChainTrait` and pushes it into each of the `ValidatorChainEM2` and `ValidatorChainEM3` implementations, to prevent colliding constructor definitions due to inheritance + trait usage. ## 2.6.0 - 2016-02-23 ### Added - [#29](https://github.com/zendframework/zend-session/pull/29) adds two new classes: `Zend\Session\Validator\ValidatorChainEM2` and `ValidatorChainEM3`. Due to differences in the `EventManagerInterface::attach()` method between zend-eventmanager v2 and v3, and the fact that `ValidatorChain` overrides that method, we now need an implementation targeting each major version. To provide a consistent use case, we use a polyfill that aliases the appropriate version to the `Zend\Session\ValidatorChain` class. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#29](https://github.com/zendframework/zend-session/pull/29) updates the code to be forwards compatible with the v3 releases of zend-eventmanager and zend-servicemanager. - [#7](https://github.com/zendframework/zend-session/pull/7) Mongo save handler was using sprintf formatting without sprintf. ## 2.5.2 - 2015-07-29 ### Added - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#3](https://github.com/zendframework/zend-session/pull/3) Utilize SaveHandlerInterface vs. our own. - [#2](https://github.com/zendframework/zend-session/pull/2) detect session exists by use of *PHP_SESSION_ACTIVE*