Released version 3.2.4

• Guest identity – an IdentityHandler authenticator may now implement getGuestIdentity(): ?IIdentity to hand anonymous visitors a real identity. When present, getIdentity(), getId() and getRoles() transparently fall back to it, so guests carry their own roles and data instead of just the $guestRole string. The guest identity is resolved on read only and never written to storage.

• $persistIdentity – the new User::$persistIdentity property lets you decide what happens to the identity after logout or expiration. It stays available for personalization by default; flip it to false and getIdentity()/getId() return null once the user is no longer logged in. Configurable straight from the security.authentication DI section.

• SessionStorage no longer refreshes the sliding expiration timestamp once the session has already expired – an expired identity stays expired instead of being silently kept alive for another round

• Adopted nette/phpstan-rules and made static analysis a mandatory part of the build, then resolved the errors it surfaced

• Improved phpDoc types and descriptions across the codebase

Released version 3.2.2

• support for PHP 8.5
• optimized global function calls

Released version 3.2.1

• support for PHP 8.4
• SecurityExtension: password can be dynamic #74
• $user => $username #73

Released version 3.2.0

• requires PHP 8.1
• uses PHP 8.1 features
• removed deprecated IUserStorage (BC break)

Released version 3.1.8

• support for PHP 8.3
• constants are PascalCase
• used #[\SensitiveParameter] to mark sensitive parameters

Released version 3.1.7

• composer: allows nette/utils 4.0

Released version 3.1.6

• CookieStorage: getState returns the previously set ID #67
• CookieStorage: fixed SameSite attribute
• SessionStorage::setExpiration() does not overwrite data in the session
• SimpleAuthenticator: refactoring, added verifyPassword()
• strict type fix
• coding style

Released version 3.1.5

• SessionStorage: used new sessionSection API to not start the session unless needed

Released version 3.1.4

• support for PHP 8.1
• User::setExpiration() second argument accept also bool $clearIdentity
• User: added consts LOGOUT_MANUAL & LOGOUT_INACTIVITY
• fixed compatibility with Symfony DebugClassLoader
• compatibility: improved code hinting

Released version 3.0.6

• User: added method refreshStorage() to clear identity cache. (#46) (#50)
• UserPanel: displays 'Session is closed' on closed session #52