1 package Catalyst::Plugin::Session::State::Cookie;
2 use base qw/Catalyst::Plugin::Session::State Class::Accessor::Fast/;
8 use Catalyst::Utils ();
10 our $VERSION = "0.10";
12 BEGIN { __PACKAGE__->mk_accessors(qw/_deleted_session_id/) }
17 $c->maybe::next::method(@_);
19 $c->config->{session}{cookie_name}
20 ||= Catalyst::Utils::appprefix($c) . '_session';
23 sub extend_session_id {
24 my ( $c, $sid, $expires ) = @_;
26 if ( my $cookie = $c->get_session_cookie ) {
27 $c->update_session_cookie( $c->make_session_cookie( $sid ) );
30 $c->maybe::next::method( $sid, $expires );
36 $c->update_session_cookie( $c->make_session_cookie( $sid ) );
38 return $c->maybe::next::method($sid);
41 sub update_session_cookie {
42 my ( $c, $updated ) = @_;
44 unless ( $c->cookie_is_rejecting( $updated ) ) {
45 my $cookie_name = $c->config->{session}{cookie_name};
46 $c->response->cookies->{$cookie_name} = $updated;
50 sub cookie_is_rejecting {
51 my ( $c, $cookie ) = @_;
53 if ( $cookie->{path} ) {
54 return 1 if index '/'.$c->request->path, $cookie->{path};
60 sub make_session_cookie {
61 my ( $c, $sid, %attrs ) = @_;
63 my $cfg = $c->config->{session};
66 ( $cfg->{cookie_domain} ? ( domain => $cfg->{cookie_domain} ) : () ),
67 ( $cfg->{cookie_path} ? ( path => $cfg->{cookie_path} ) : () ),
71 unless ( exists $cookie->{expires} ) {
72 $cookie->{expires} = $c->calculate_session_cookie_expires();
75 $cookie->{secure} = 1 if $cfg->{cookie_secure};
80 sub calc_expiry { # compat
82 $c->maybe::next::method( @_ ) || $c->calculate_session_cookie_expires( @_ );
85 sub calculate_session_cookie_expires {
87 my $cfg = $c->config->{session};
89 my $value = $c->maybe::next::method(@_);
90 return $value if $value;
92 if ( exists $cfg->{cookie_expires} ) {
93 if ( $cfg->{cookie_expires} > 0 ) {
94 return time() + $cfg->{cookie_expires};
101 return $c->session_expires;
105 sub get_session_cookie {
108 my $cookie_name = $c->config->{session}{cookie_name};
110 return $c->request->cookies->{$cookie_name};
116 if ( !$c->_deleted_session_id and my $cookie = $c->get_session_cookie ) {
117 my $sid = $cookie->value;
118 $c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
122 $c->maybe::next::method(@_);
125 sub delete_session_id {
126 my ( $c, $sid ) = @_;
128 $c->_deleted_session_id(1); # to prevent get_session_id from returning it
130 $c->update_session_cookie( $c->make_session_cookie( $sid, expires => 0 ) );
132 $c->maybe::next::method($sid);
143 Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies.
147 use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/;
151 In order for L<Catalyst::Plugin::Session> to work the session ID needs to be
152 stored on the client, and the session data needs to be stored on the server.
154 This plugin stores the session ID on the client using the cookie mechanism.
160 =item make_session_cookie
162 Returns a hash reference with the default values for new cookies.
164 =item update_session_cookie $hash_ref
166 Sets the cookie based on C<cookie_name> in the response object.
170 =item calculate_session_cookie_expires
172 =item cookie_is_rejecting
174 =item delete_session_id
176 =item extend_session_id
178 =item get_session_cookie
186 =head1 EXTENDED METHODS
190 =item prepare_cookies
192 Will restore if an appropriate cookie is found.
194 =item finalize_cookies
196 Will set a cookie called C<session> if it doesn't exist or if its value is not
197 the current session id.
201 Will set the C<cookie_name> parameter to its default value if it isn't set.
211 The name of the cookie to store (defaults to C<Catalyst::Utils::apprefix($c) . '_session'>).
215 The name of the domain to store in the cookie (defaults to current host)
219 Number of seconds from now you want to elapse before cookie will expire.
220 Set to 0 to create a session cookie, ie one which will die when the
221 user's browser is shut down.
225 If this attribute set true, the cookie will only be sent via HTTPS.
229 The path of the request url where cookie should be baked.
233 For example, you could stick this in MyApp.pm:
235 __PACKAGE__->config( session => {
236 cookie_domain => '.mydomain.com',
241 Sessions have to be created before the first write to be saved. For example:
244 my ( $self, $c ) = @_;
245 $c->res->write("foo");
250 Will cause a session ID to not be set, because by the time a session is
251 actually created the headers have already been sent to the client.
255 L<Catalyst>, L<Catalyst::Plugin::Session>.
259 Yuval Kogman E<lt>nothingmuch@woobling.orgE<gt>
263 This module is derived from L<Catalyst::Plugin::Session::FastMmap> code, and
264 has been heavily modified since.
270 Jonathan Rockway E<lt>jrockway@cpan.orgE<gt>
275 This program is free software, you can redistribute it and/or modify it
276 under the same terms as Perl itself.