ASP.NET Session Encryption for Multi-Server Deployments

📣 Wristband ASP.NET Auth SDK 4.1.0 Release 🎉

Release 4.1.0

Session Encryption for Multi-Server Deployments

Adds zero-infrastructure session encryption via AddInMemoryKeyDataProtection(), enabling cookie-based sessions to work across multi-server and containerized deployments without requiring Redis or persistent storage.

What's New

  • In-memory key data protection - Derives encryption keys from shared secrets using HKDF-SHA256 + AES-256-GCM
  • Zero-downtime secret rotation - Support for up to 3 secrets with automatic re-encryption
  • OWASP compliant - Meets cryptographic storage best practices for session encryption
  • Cross-platform compatible - Uses the same format as Wristband's TypeScript session SDK
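
The key derivation and secret rotation listed above, sketched in C# as an added example; it is not the SDK's own code. The class name RotatingSessionCrypto, the HKDF info label, the absent salt and the nonce|tag|ciphertext layout are assumptions, since the SDK's actual wire format is not shown on this page.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Constructed secrets: the cookie is issued under A, then read after B is rotated in ahead of A.
var cookie = RotatingSessionCrypto.Encrypt(new[] { "constructed-secret-A" },
    Encoding.UTF8.GetBytes("{\"userId\":\"u1\"}"));
var plain = RotatingSessionCrypto.Decrypt(
    new[] { "constructed-secret-B", "constructed-secret-A" }, cookie, out var stale);
Console.WriteLine($"{Encoding.UTF8.GetString(plain!)} reencrypt={stale}");

// Assumed for illustration: no HKDF salt, the "session-cookie" info label and the
// nonce|tag|ciphertext layout. None of these is taken from the SDK.
static class RotatingSessionCrypto
{
    const int NonceLen = 12, TagLen = 16, MaxSecrets = 3;
    // HKDF-SHA256 turns a shared secret into a 256-bit AES key.
    static byte[] DeriveKey(string secret) => HKDF.DeriveKey(HashAlgorithmName.SHA256,
        Encoding.UTF8.GetBytes(secret), 32, salt: null, info: Encoding.UTF8.GetBytes("session-cookie"));

    // Encrypt under the first (current) secret with a fresh random nonce per cookie.
    public static byte[] Encrypt(string[] secrets, byte[] plaintext)
    {
        if (secrets.Length is 0 or > MaxSecrets) throw new ArgumentException("expected 1 to 3 secrets");
        var blob = new byte[NonceLen + TagLen + plaintext.Length];
        RandomNumberGenerator.Fill(blob.AsSpan(0, NonceLen));
        using var aes = new AesGcm(DeriveKey(secrets[0]), TagLen);
        aes.Encrypt(blob.AsSpan(0, NonceLen), plaintext, blob.AsSpan(NonceLen + TagLen), blob.AsSpan(NonceLen, TagLen));
        return blob;
    }

    // Try each secret in order. needsReencrypt is set when an older secret matched,
    // so the caller can reissue the cookie under secrets[0].
    public static byte[]? Decrypt(string[] secrets, byte[] blob, out bool needsReencrypt)
    {
        needsReencrypt = false;
        if (blob.Length < NonceLen + TagLen || secrets.Length > MaxSecrets) return null;
        for (int i = 0; i < secrets.Length; i++)
        {
            var pt = new byte[blob.Length - NonceLen - TagLen];
            try
            {
                using var aes = new AesGcm(DeriveKey(secrets[i]), TagLen);
                aes.Decrypt(blob.AsSpan(0, NonceLen), blob.AsSpan(NonceLen + TagLen), blob.AsSpan(NonceLen, TagLen), pt);
                needsReencrypt = i > 0;
                return pt;
            }
            catch (CryptographicException) { /* wrong key or tampered cookie: try the next secret */ }
        }
        return null; // no configured secret authenticates this cookie
    }
}
```

The two-argument AesGcm constructor requires .NET 8 or later. A cookie that fails authentication under every configured secret is rejected rather than partially trusted, which is the property GCM's tag check provides.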

Breaking Changes

None - this is a new optional feature. Existing deployments continue working unchanged.

Documentation

  • Updated README with setup guide and advanced configuration
  • Added Session Encryption Configuration section under Session Management
  • Added Session Encryption with Persistent Key Storage section under Advanced Configuration