1.1.0

This release, the first minor release increment, solves a number of issues:

• Uses new session keys to avoid an identified collision attack vector.
• Adds new functionality to create cookies that conform to the SameSite standard, allowing for successful session authentication on custom domains.
• Removes a potential vector for evading IP bans.
• Fixes a number of smaller bugs.

After you apply this update, your existing sessions may be invalidated and you will need to log in again. You may also wish to generate new values in your wikidot.ini file, though they are not strictly required:

• secret_login_seed (string, [security]): Used to create hashes related to sessions. Defaults to secret + "_login"
• cookie_name_ssl (string, [session]): Used to name the cookie delivered over SSL. Defaults to cookie_name + "_SECURE"