1 package Catalyst::Plugin::Session::State::Cookie;
2 use base qw/Catalyst::Plugin::Session::State Class::Accessor::Fast/;
8 use Catalyst::Utils ();
10 our $VERSION = "0.07";
12 BEGIN { __PACKAGE__->mk_accessors(qw/_deleted_session_id/) }
17 $c->NEXT::setup_session(@_);
19 $c->config->{session}{cookie_name}
20 ||= Catalyst::Utils::appprefix($c) . '_session';
23 sub extend_session_id {
24 my ( $c, $sid, $expires ) = @_;
26 if ( my $cookie = $c->get_session_cookie ) {
27 $c->update_session_cookie( $c->make_session_cookie( $sid ) );
30 $c->NEXT::extend_session_id( $sid, $expires );
36 $c->update_session_cookie( $c->make_session_cookie( $sid ) );
38 return $c->NEXT::set_session_id($sid);
41 sub update_session_cookie {
42 my ( $c, $updated ) = @_;
44 unless ( $c->cookie_is_rejecting( $updated ) ) {
45 my $cookie_name = $c->config->{session}{cookie_name};
46 $c->response->cookies->{$cookie_name} = $updated;
50 sub cookie_is_rejecting {
51 my ( $c, $cookie ) = @_;
53 if ( $cookie->{path} ) {
54 return 1 if index '/'.$c->request->path, $cookie->{path};
60 sub make_session_cookie {
61 my ( $c, $sid, %attrs ) = @_;
63 my $cfg = $c->config->{session};
66 ( $cfg->{cookie_domain} ? ( domain => $cfg->{cookie_domain} ) : () ),
67 ( $cfg->{cookie_path} ? ( path => $cfg->{cookie_path} ) : () ),
71 unless ( exists $cookie->{expires} ) {
72 $cookie->{expires} = $c->calculate_session_cookie_expires();
75 $cookie->{secure} = 1 if $cfg->{cookie_secure};
80 sub calc_expiry { # compat
82 $c->NEXT::calc_expiry( @_ ) || $c->calculate_session_cookie_expires( @_ );
85 sub calculate_session_cookie_expires {
87 my $cfg = $c->config->{session};
89 my $value = $c->NEXT::calculate_session_cookie_expires(@_);
90 return $value if $value;
92 if ( exists $cfg->{cookie_expires} ) {
93 if ( $cfg->{cookie_expires} > 0 ) {
94 return time() + $cfg->{cookie_expires};
101 return $c->session_expires;
105 sub get_session_cookie {
108 my $cookie_name = $c->config->{session}{cookie_name};
110 return $c->request->cookies->{$cookie_name};
116 if ( !$c->_deleted_session_id and my $cookie = $c->get_session_cookie ) {
117 my $sid = $cookie->value;
118 $c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
122 $c->NEXT::get_session_id(@_);
125 sub delete_session_id {
126 my ( $c, $sid ) = @_;
128 $c->_deleted_session_id(1); # to prevent get_session_id from returning it
130 $c->update_session_cookie( $c->make_session_cookie( $sid, expires => 0 ) );
132 $c->NEXT::delete_session_id($sid);
143 Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies.
147 use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/;
151 In order for L<Catalyst::Plugin::Session> to work the session ID needs to be
152 stored on the client, and the session data needs to be stored on the server.
154 This plugin stores the session ID on the client using the cookie mechanism.
160 =item make_session_cookie
162 Returns a hash reference with the default values for new cookies.
164 =item update_session_cookie $hash_ref
166 Sets the cookie based on C<cookie_name> in the response object.
170 =head1 EXTENDED METHODS
174 =item prepare_cookies
176 Will restore if an appropriate cookie is found.
178 =item finalize_cookies
180 Will set a cookie called C<session> if it doesn't exist or if it's value is not
181 the current session id.
185 Will set the C<cookie_name> parameter to it's default value if it isn't set.
195 The name of the cookie to store (defaults to C<Catalyst::Utils::apprefix($c) . '_session'>).
199 The name of the domain to store in the cookie (defaults to current host)
203 Number of seconds from now you want to elapse before cookie will expire.
204 Set to 0 to create a session cookie, ie one which will die when the
205 user's browser is shut down.
209 If this attribute set true, the cookie will only be sent via HTTPS.
213 The path of the request url where cookie should be baked.
219 Sessions have to be created before the first write to be saved. For example:
222 my ( $self, $c ) = @_;
223 $c->res->write("foo");
228 Will cause a session ID to not be set, because by the time a session is
229 actually created the headers have already been sent to the client.
233 L<Catalyst>, L<Catalyst::Plugin::Session>.
237 This module is derived from L<Catalyst::Plugin::Session::FastMmap> code, and
238 has been heavily modified since.
243 Yuval Kogman, C<nothingmuch@woobling.org>
249 This program is free software, you can redistribute it and/or modify it
250 under the same terms as Perl itself.