
feature: Add session.regenerate()

Open sititou70 opened this issue 1 year ago • 4 comments

To prevent session fixation attacks, it would be useful to have an API to regenerate session ID.

The session.regenerate() API replaces the current session ID with a newly generated one. It returns a Promise.

await session.regenerate();
await session.commit(); // if `autoCommit` is set to `false`.

This is similar to express-session's Session.regenerate(callback) and PHP's session_regenerate_id.

sititou70 avatar May 22 '24 15:05 sititou70

⚠️ No Changeset found

Latest commit: cd08f40f8da75ca84f91a3cd64bb5897645fe2e0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.


changeset-bot[bot] avatar May 22 '24 15:05 changeset-bot[bot]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (5615e7d) to head (cd08f40).

Additional details and impacted files
@@             Coverage Diff             @@
##           master      #385      +/-   ##
===========================================
+ Coverage   99.17%   100.00%   +0.82%     
===========================================
  Files           6         5       -1     
  Lines         121       126       +5     
  Branches       37        37              
===========================================
+ Hits          120       126       +6     
+ Misses          1         0       -1     


codecov[bot] avatar May 22 '24 15:05 codecov[bot]

I needed the regenerate function from express-session, so I used the forked version. I hope this feature will be introduced for compatibility with express-session and against session fixation attacks.

MaxMEllon avatar May 22 '24 15:05 MaxMEllon

I refactored the implementation based on @MaxMEllon's code. Also, type definitions were missing and have been added.

thanks

sititou70 avatar May 22 '24 16:05 sititou70