Merge branch 'feature.signed-cookie-session'

1 files changed, 25 insertions, 0 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index a228fbb3a..6fdc08398 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -10,6 +10,20 @@ Features
 
       python -3 -m pyramid.scripts.pserve development.ini
 
+- Added a new ``SignedCookieSessionFactory`` which is very similar to the
+  ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on
+  signing content. The custom serializer arguments to this function should
+  only focus on serializing, unlike its predecessor which required the
+  serializer to also perform signing.
+  See https://github.com/Pylons/pyramid/pull/1142
+
+- Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie
+  factory that can be used by framework implementors to create their own
+  session implementations. It provides a reusable API which focuses strictly
+  on providing a dictionary-like object that properly handles renewals,
+  timeouts, and conformance with the ``ISession`` API.
+  See https://github.com/Pylons/pyramid/pull/1142
+
 Bug Fixes
 ---------
 
@@ -50,6 +64,17 @@ Backwards Incompatibilities
   situation, leaving a query string of ``a=b&key=``.
   See https://github.com/Pylons/pyramid/issues/1119
 
+Deprecations
+------------
+
+- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been 
+  deprecated and is superseded by the 
+  ``pyramid.session.SignedCookieSessionFactory``.  Note that while the cookies
+  generated by the ``UnencryptedCookieSessionFactoryConfig``
+  are compatible with cookies generated by old releases, cookies generated by
+  the SignedCookieSessionFactory are not. See 
+  https://github.com/Pylons/pyramid/pull/1142
+
 1.5a2 (2013-09-22)
 ==================