1 package Catalyst::Plugin::SessionHP::State::Cookie;
2 use base qw/Catalyst::Plugin::SessionHP::State Class::Accessor::Fast/;
8 use Catalyst::Utils ();
10 our $VERSION = "0.10";
12 BEGIN { __PACKAGE__->mk_accessors(qw/_deleted_session_id/) }
17 $c->maybe::next::method(@_);
19 $c->config->{session}{cookie_name}
20 ||= Catalyst::Utils::appprefix($c) . '_session';
24 sub _session_cookie_name {
26 return $c->config->{session}{cookie_name};
29 sub finalize_session {
32 # we want to run after the other finalizing has been done
33 $c->maybe::next::method(@_);
35 # If there is no session_id then we should not do anything
36 return unless $c->_session_id;
39 my $cookie = { value => $c->_session_id, };
41 # set the expriation time
42 # get the cookie expiry time and add a little buffer for testing
43 unless ( $c->session->{__session_limit_to_this_visit} ) {
44 $cookie->{expires} = $c->_session_expiry_time + 60;
47 $cookie->{secure} = 1 if $c->config->{session}{cookie_secure};
49 # add the cookie to the headers
50 $c->response->cookies->{ $c->_session_cookie_name } = $cookie;
52 # Also ensure that at the least the cookie is not cached. Other caching is
53 # upto the app to implement. Don't apply to secure connections as it leads
54 # to a bug where IE will not download files.
55 # (http://support.microsoft.com/kb/812935/en-us)
56 $c->response->header( 'Cache-control' => 'no-cache="set-cookie"' )
57 unless $c->req->secure;
60 sub get_sesson_id_from_state {
63 # get _request_ cookie
64 my $cookie = $c->request->cookies->{ $c->_session_cookie_name };
67 my $sid = $cookie->value;
68 $c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
72 # If we could not find the id pass on to the next state
73 $c->maybe::next::method(@_);
84 $cookie->{secure} = 1 if $c->config->{session}{cookie_secure};
86 # add the cookie to the headers
87 $c->response->cookies->{ $c->_session_cookie_name } = $cookie;
89 $c->maybe::next::method($msg);