All notable changes to Sessions are documented in this changelog.
[2.8.0] - 2022-10-06
- Compatibility with WordPress 6.1.
- [WPCLI] The results of
wp sessionscommands are now logged in DecaLog.
- Improved ephemeral cache in analytics.
- [WPCLI] The results of
wp sessionscommands are now prefixed by the product name.
- [SEC004] Moment.js library updated to 2.29.4 / Regular Expression Denial of Service (ReDoS).
[2.7.0] - 2022-04-20
- Compatibility with WordPress 6.0.
- Site Health page now presents a much more realistic test about object caching.
- Updated DecaLog SDK from version 2.0.2 to version 3.0.0.
- [SEC003] Moment.js library updated to 2.29.2 / CVE-2022-24785.
[2.6.2] - 2022-01-17
- The Site Health page may launch deprecated tests.
[2.6.1] - 2022-01-17
- There may be name collisions with internal APCu cache.
- An innocuous Mysql error may be triggered at plugin activation.
[2.6.0] - 2021-12-28
- Compatibility with PHP 8.1.
- New option to delete all sessions of users resetting their passwords (thanks to mrdexters1 for the suggestion).
- Charts allow now to display more than 2 months of data.
- Improved timescale computation and date display for all charts.
- Refactored cache mechanisms to fully support Redis and Memcached.
- Bar charts have now a resizable width.
- Updated DecaLog SDK from version 2.0.0 to version 2.0.2.
- Updated PerfOps One library from 2.2.1 to 2.2.2.
- Improved bubbles display when width is less than 500px (thanks to Pat Ol).
- The tables headers have now a better contrast (thanks to Paul Bonaldi).
- Object caching method may be wrongly detected in Site Health status (thanks to freshuk).
- The console menu may display an empty screen (thanks to Renaud Pacouil).
[2.5.0] - 2021-12-07
- Compatibility with WordPress 5.9.
- New button in settings to install recommended plugins.
- The available hooks (filters and actions) are now described in
- Improved update process on high-traffic sites to avoid concurrent resources accesses.
- Better publishing frequency for metrics.
- [BC] The filter
perfopsone_advanced_controlshas been renamed in
perfopsone_show_advancedfor consistency reasons.
- X axis for graphs have been redesigned and are more accurate.
- Updated labels and links in plugins page.
- Updated the
- Country translation with i18n module may be wrong.
- Plugin's advanced settings are not translatable.
[2.4.1] - 2021-09-20
- The sessions list now displays all users' roles (thanks to ShamiraO).
- [SEC002] In some cases, "cumulative privileges" maybe interpreted as "least privileges" (thanks to ShamiraO).
- With multiple roles per user, session idle time (when less than one hour) may be wrongly computed.
[2.4.0] - 2021-09-07
- It's now possible to hide the main PerfOps One menu via the
poo_hide_main_menufilter or each submenu via the
poo_hide_settings_menufilters (thanks to Jan Thiel).
- Updated DecaLog SDK from version 1.2.0 to version 2.0.0.
- Improved message in case there's no session to delete.
- There may be name collisions for some functions if version of WordPress is lower than 5.6.
- The main PerfOps One menu is not hidden when it doesn't contain any items (thanks to Jan Thiel).
- In some very special conditions, the plugin may be in the default site language rather than the user's language.
- The PerfOps One menu builder is not compatible with Admin Menu Editor plugin (thanks to dvokoun).
[2.3.1] - 2021-08-11
- New redesigned UI for PerfOps One plugins management and menus (thanks to Loïc Antignac, Paul Bonaldi, Axel Ducoron, Laurent Millet, Samy Rabih and Raphaël Riehl for their invaluable help).
- It's now possible to set an idle time of 36, 48 and 72 hours.
- There's now a
perfopsone_advanced_controlsfilter to display advanced plugin settings.
- In some conditions, the plugin may be in the default site language rather than the user's language.
[2.3.0] - 2021-06-22
- Compatibility with WordPress 5.8.
- Integration with DecaLog SDK.
- Traces and metrics collation and publication.
- It's now possible to customize messages in case of forbidden access (thanks to Jon Cuevas).
- New option, available via settings page and wp-cli, to disable/enable metrics collation.
- It's now possible to set an idle time of 15, 30 and 45 minutes (thanks to pgray).
- Improved internal IP detection: support for cloud load balancers.
- It's now possible to set from 1 to 9 sessions per user.
sessions statuscommand now displays DecaLog SDK version too.
- Sessions is not compatible with PHP 7.2 (thanks to chernenkopetro).
[2.2.0] - 2021-02-24
- Compatibility with WordPress 5.7.
- New values and more granularity for cookie durations and idle timeouts.
- Consistent reset for settings.
- Improved translation loading.
sessionscommand have now a definition and all synopsis are up to date.
- In Site Health section, Opcache status may be wrong (or generates PHP warnings) if OPcache API usage is restricted.
[2.1.0] - 2020-12-03
- Compatibility with WPS Hide Login.
- Compatibility with Loginizer.
- Compatibility with LifterLMS.
- Sorting sessions by "idle" field may produce errors.
- Limiter may fail to limit with some early-initializer plugins (thanks to vadimfish).
[2.0.0] - 2020-11-28
- [WP-CLI] New command to manage active sessions: see
wp help sessions activefor details.
- [WP-CLI] New command to set role operation mode: see
wp help sessions modefor details.
- [WP-CLI] New command to toggle on/off main settings: see
wp help sessions settingsfor details.
- [WP-CLI] New command to display Sessions status: see
wp help sessions statusfor details.
- [WP-CLI] New command to display Sessions: see
wp help sessions analyticsfor details.
- Privileges computation can be set as 'cumulative' or 'least' on sites using multiple roles per users. May be a breaking change if you're in this case, please verify your settings.
- New failsafe for
auth_cookie_expiredhook to avoid infinite loops.
- New Site Health "info" section about shared memory.
- Compatibility with WordPress 5.6.
- The analytics dashboard now displays a warning if analytics features are not activated.
- Improvement in privileges computation and enforcement.
- Improvement in the way roles are detected.
- Improved layout for language indicator.
- If GeoIP support is not done via IP Locator, the flags are now correctly downgraded to emojis.
- Anonymous proxies, satellite providers and private networks are now fully detected when IP Locator is installed.
- Admin notices are now set to "don't display" by default.
- Improved IP detection (thanks to Ludovic Riaudel).
- Improved changelog readability.
- The integrated markdown parser is now Markdown from Carsten Brandt.
- Prepares PerfOps menus to future versions.
- [SEC001] User may be wrongly detected in XML-RPC or Rest API calls.
- The remote IP can be wrongly detected when behind some types of reverse-proxies.
- The count of cleaned sessions may be wrong when "Delete All Sessions" is used.
- In admin dashboard, the statistics link is visible even if analytics features are not activated.
- With Firefox, some links are unclickable in the Control Center (thanks to Emil1).
- When site is in english and a user choose another language for herself/himself, menu may be stuck in english.
- Some graph labels are wrong.
- The analytics page contains unclosed HTML tags.
- Parsedown as integrated markdown parser.
- Strict vs. permissive mode "feature" as the plugin is now pretty stable.
[1.2.0] - 2020-08-27
- Compatibility with WordPress 5.5.
- Enhanced compatibility with Jetpack SSO.
- Support for data feeds - reserved for future use.
- The positions of PerfOps menus are pushed lower to avoid collision with other plugins (thanks to Loïc Antignac).
- There's a PHP warning when an admin log in for the first time.
- While connecting via SSO, cookie durations may be wrongly computed.
- Support for the "Block and send a WordPress error" method when Jetpack SSO is used (because Jetpack SSO can't handle it).
[1.1.4] - 2020-06-29
- In sessions list (tools), clicking on the user name now redirects to its profile edit page.
- Full compatibility with PHP 7.4.
- Automatic switching between memory and transient when a cache plugin is installed without a properly configured Redis / Memcached.
- When a session is already expired, the time detail in sessions list may be blank.
[1.1.3] - 2020-05-22
- KPI for active sessions is now a ratio.
- Better consistency between KPI and chart for active sessions.
- Better consistency between KPI and chart for cleaned sessions.
- Better precision for cleaned sessions breakdown.
[1.1.2] - 2020-05-15
- Supports now Wordfence alerting system inconsistency.
- When used for the first time, settings checkboxes may remain checked after being unchecked.
- When Wordfence locks out an account, a warning maybe wrongly sent to DecaLog.
[1.1.1] - 2020-05-05
- Expired sessions cookies are now counted as cleaned sessions.
- There's an error while activating the plugin when the server is Microsoft IIS with Windows 10.
- The counted deleted user may be wrong in KPIs.
- Batch sessions deletion are wrongly counted.
- With Microsoft Edge, some layouts may be ugly.
[1.1.0] - 2020-04-12
- It's now possible to set the maximum number of IP addresses per user.
- It's now possible to override the (weak) WordPress IP detection (this setting is strongly recommended).
- It's now possible to refresh IP when a session is resumed (this setting is strongly recommended).
- Now compatible with Jetpack SSO.
- Now compatible with Next Active Directory Integration SSO.
- Compatibility with DecaLog early loading feature.
- Full integration with IP Locator.
- Integration with Wordfence.
- Partial compatibility with miniOrange SAML SSO.
- Active sessions deleted by an admin are now counted as cleaned sessions.
- In site health "info" tab, the boolean are now clearly displayed.
- Better display of KPIs when there's no (or not yet) data to compute.
- Some typos in the settings screen.
- Dependency to "Geolocation IP Detection" plugin. Nevertheless, this plugin can be used as a fallback solution.
- Flagiconcss as library. If there's no other way, flags will be rendered as emoji.
[1.0.0] - 2020-03-24