1 package Plack::Middleware::Session::Cookie;
3 use parent qw(Plack::Middleware::Session);
5 use Plack::Util::Accessor qw(secret session_key domain expires path secure);
13 use Plack::Session::State::Cookie;
18 Plack::Util::load_class($self->session_class) if $self->session_class;
19 $self->session_key("plack_session") unless $self->session_key;
21 $self->state( Plack::Session::State::Cookie->new );
22 for my $attr (qw(session_key path domain expires secure)) {
23 $self->state->$attr($self->$attr);
28 my($self, $request) = @_;
30 my $cookie = $self->state->get_session_id($request) or return;
32 my($time, $b64, $sig) = split /:/, $cookie, 3;
33 $self->sig($b64) eq $sig or return;
35 # NOTE: do something with $time?
37 my $session = Storable::thaw(MIME::Base64::decode($b64));
38 return ($self->generate_id, $session);
43 return scalar Time::HiRes::gettimeofday;
49 my($self, $id, $res, $env) = @_;
51 my $cookie = $self->_serialize($id, $env->{'psgix.session'});
52 $self->state->finalize($cookie, $res, $env->{'psgix.session.options'});
56 my($self, $id, $session) = @_;
58 my $b64 = MIME::Base64::encode( Storable::freeze($session), '' );
59 join ":", $id, $b64, $self->sig($b64);
64 return '.' unless $self->secret;
65 Digest::HMAC_SHA1::hmac_sha1_hex($b64, $self->secret);
74 Plack::Middleware::Session::Cookie - Session middleware that saves session data in the cookie
78 enable "Session::Cookie";
82 This middleware component allows you to use the cookie as a sole
83 cookie state and store, without any server side storage to do the
84 session management. This middleware utilizes its own state and store
85 automatically for you, so you can't override the objects.
89 This middleware is a subclass of L<Plack::Middleware::Session> and
90 accepts most configuration of the parent class. In addition, following
97 Server side secret to sign the session data using HMAC SHA1. Defaults
98 to nothing (i.e. do not sign) but B<strongly recommended> to set your
101 =item session_key, domain, expires, path, secure
103 Accessors for the cookie attribuets. See
104 L<Plack::Session::State::Cookie> for these options.
114 Rack::Session::Cookie L<Dancer::Session::Cookie>