⚒️ Encrypted "stateless" cookie sessions for SvelteKit
The internal encryption library changed to the @noble/ciphers which is up to 35% faster than the previous implementation. The encryption should also now be even more secure. Because of the change of the encryption library we have an major version bump. You now have to provide a secret with an exact length of 32 characters or bytes. You can use Password Generator to generate strong secrets.
Export the connect/express session middleware again..
Please use any version above @sveltejs/[email protected], all older versions are not compatible with v2 anymore. Stick to 1.4.0 if you like to use older versions of kit.
There are no major breaking changes, besides some internal refactoring and switching from JS Proxy to Getters/Setters which should end up in a better performance. We also only decrypt the session data now if you access the session.data. Also the session data returns undefined now if not existing instead of an empty object.
This includes native ESM Support outside SvelteKit.