Skip to content

Releases: adonisjs/session

Session-aware redirects with intended URL support

Choose a tag to compare

@github-actions github-actions released this 09 Apr 11:12

8.1.0 (2026-04-09)

The Session class now provides setIntendedUrl, getIntendedUrl, pullIntendedUrl, and clearIntendedUrl methods for storing and retrieving intended redirect destinations. All stored URLs are validated against open-redirect attacks.

Redirect.getPreviousUrl is overridden via a macro to check the session for redirect.previousUrl before falling back to the Referer header.

New redirect macros:

  • withIntendedUrl and toIntended for forced and voluntary login flows
  • toIntendedRoute redirects to the intended URL from the session if one exists, otherwise falls back to computing a URL from a route identifier (same arguments as toRoute)

Features

  • add intended URL, previous URL session override, and redirect macros (34a6872)
  • add toIntendedRoute macro on Redirect (b0c4f34)

Full Changelog: v8.0.0...v8.1.0

Support for session tagging and collections and breaking changes in flash messages behavior

Choose a tag to compare

@github-actions github-actions released this 25 Feb 07:35

8.0.0 (2026-02-25)

Check all 8.0.0 pre-releases to get a better sense of changes

Features

  • export session.untag via the session object (603d838)
  • implement untag method for memory and redis stores (8cc39e7)
  • port DB adapter + tagging to v8 (6416ebc)
  • add support for tagging + SessionCollection (#94) (a51e388)
  • do not flash input data for inertia requests (91b60ee), closes #89

BREAKING CHANGES

  • In this release, we remove the deprecated errors property from the flash messages and you must rely on the inputErrors property instead to read input validation errors. Also, for Inertia applications, we no longer flash input data
  • Flashing multipart files has no utility and just pollutes the session data store. However, if there were apps relying on flashed multipart files, then they must upgrade their apps to explicitly flash properties from the multipart file (dbbdc2c)

What's Changed

Full Changelog: v7.5.1...v8.0.0

Update dependencies

Update dependencies Pre-release
Pre-release

Choose a tag to compare

@github-actions github-actions released this 18 Feb 13:16

8.0.0-next.6 (2026-02-18)

Add session.untag and session.supportsTagging methods

Choose a tag to compare

@github-actions github-actions released this 02 Feb 11:02

8.0.0-next.5 (2026-02-02)

Features

  • export session.untag via the session object (603d838)

Full Changelog: v8.0.0-next.4...v8.0.0-next.5

Add support for untagging a session

Pre-release

Choose a tag to compare

@github-actions github-actions released this 02 Feb 09:36

8.0.0-next.4 (2026-02-02)

Features

  • implement untag method for memory and redis stores (8cc39e7)

Full Changelog: v8.0.0-next.3...v8.0.0-next.4

Breaking - Do not store multipart files in flash messages

Choose a tag to compare

@github-actions github-actions released this 01 Feb 06:00

8.0.0-next.3 (2026-02-01)

Features

  • do not flash multipart files (dbbdc2c)

BREAKING CHANGES

  • Flashing multipart files has no utility and just pollutes the session data store. However, if there were apps relying on flashed multipart files, then they must upgrade their apps to explicitly flash properties from the multipart file

Full Changelog: v8.0.0-next.2...v8.0.0-next.3

DB Adapter and Tagging support

Pre-release

Choose a tag to compare

@github-actions github-actions released this 20 Dec 21:03

8.0.0-next.2 (2025-12-20)

Features

  • port DB adapter + tagging to v8 (6416ebc)

Bug fix around database tagging

Choose a tag to compare

@github-actions github-actions released this 20 Dec 20:15

7.7.1 (2025-12-20)

Bug Fixes

  • database: preserve session tag when called before commit (f5ce7b0), closes #95

Bug fixes and update dependencies

Pre-release

Choose a tag to compare

@github-actions github-actions released this 19 Dec 06:28

8.0.0-next.1 (2025-12-19)

Bug Fixes

  • explicitly remove maxAge and expires attributes when clearWithBrowser is enabled (7357c42)
  • types issues (3303e14)

Full Changelog: v8.0.0-next.0...v8.0.0-next.1

Session Collection

Choose a tag to compare

@github-actions github-actions released this 17 Dec 14:42

Session Tagging & SessionCollection

This release adds session tagging support and a new SessionCollection API for programmatic session management.

New Features

Session Tagging

Link sessions to user IDs, enabling features like "Logout from all devices" or displaying active sessions in account settings.

// Tag the current session after login
await session.tag(String(user.id))

SessionCollection API

Manage sessions programmatically outside of HTTP requests:

import { SessionCollection } from '@adonisjs/session'

const sessionCollection = await app.container.make(SessionCollection)

await sessionCollection.get(sessionId)           // Get session data
await sessionCollection.destroy(sessionId)       // Destroy a session
await sessionCollection.tag(sessionId, userId)   // Tag a session
await sessionCollection.tagged(userId)           // Get all sessions for a user

Supported Stores

Session tagging is supported by redis, database, and memory stores only.

Database Migration

If using the database store, run node ace make:session-table for new projects, or add the user_id column to existing sessions tables:

table.string('user_id').nullable().index()

Commits

  • add support for tagging + SessionCollection (#94) (a51e388)