1 package Plack::Middleware::Session::Cookie;
3 use parent qw(Plack::Middleware::Session);
5 use Plack::Util::Accessor qw(secret session_key domain expires path secure);
13 use Plack::Session::State::Cookie;
# Fragment of the middleware setup code; the enclosing sub header and the
# loop's closing brace are not shown in this listing.
# Load a custom session class only when one has been configured.
18 Plack::Util::load_class($self->session_class) if $self->session_class;
# Fall back to the cookie name "plack_session" when no session_key was given.
19 $self->session_key("plack_session") unless $self->session_key;
# The cookie state object does the actual reading and writing of the cookie.
21 my $state_cookie = Plack::Session::State::Cookie->new;
# Copy the cookie attributes configured on the middleware onto the state
# object, calling each accessor by name.
# NOTE(review): secure is passed through exactly as configured and no default
# for it is visible here. This cookie carries the whole session, so
# deployments served over TLS should set it explicitly.
22 for my $attr (qw(session_key path domain expires secure)) {
23 $state_cookie->$attr($self->$attr);
# Inline state object. The "session id" it hands around is the complete
# serialized and signed cookie value, not a lookup key.
26 my $state = Plack::Util::inline_object
# A new session starts out as the serialization of an empty hash.
27 generate => sub { $self->_serialize({}) },
# Read the raw cookie value; no cookie means no session.
29 my $cookie = $state_cookie->get_session_id(@_) or return;
# Cookie layout is time:base64:signature. The limit of 3 keeps any further
# ':' inside the last (signature) field.
31 my($time, $b64, $sig) = split /:/, $cookie, 3;
# Reject the cookie unless the recomputed signature equals the one it carries.
# NOTE(review): eq is not a constant-time comparison; comparing MACs with it
# can leak timing information. A constant-time compare is the safer choice.
# NOTE(review): only $b64 is signed. $time is outside the signature and no
# check of it is visible in this listing, so the timestamp should not be
# relied on for expiry - confirm against the lines not shown.
32 $self->sig($b64) eq $sig or return;
# Expiry and finalization are delegated unchanged to the cookie state object.
36 expire_session_id => sub { $state_cookie->expire_session_id(@_) },
37 finalize => sub { $state_cookie->finalize(@_) };
# Inline store object: "fetching" a session means decoding it from the cookie
# value itself, since nothing is kept on the server.
39 my $store = Plack::Util::inline_object
# Same time:base64:signature layout that the state object splits.
42 my($time, $b64, $sig) = split /:/, $id, 3;
# Decode the base64 payload and thaw it back into the session data.
# NOTE(review): Storable::thaw can instantiate blessed objects from its input
# and is not safe on data a client controls. $sig is not re-checked in the
# visible lines; this presumably relies on the state object having verified
# it first - confirm. When no secret is configured sig() returns a constant,
# so nothing authenticates these bytes before they are thawed. A data-only
# serialization format would remove the object-deserialization risk.
43 Storable::thaw(MIME::Base64::decode($b64));
# Fragment of the routine that writes the session back to the response; the
# sub header, the else line and the closing braces are not shown here.
# Arguments: the middleware, the session data, the per-request options and
# the response being built.
53 my($self, $session, $options, $response) = @_;
# When the session was marked as expired, only expire its cookie.
# NOTE(review): there is no server-side store, so this only tells the browser
# to drop the cookie; nothing visible here invalidates a value that was
# issued earlier.
55 if ($options->{expire}) {
56 $self->state->expire_session_id($options->{id}, $response);
# Serialize and sign the current session and send it as the cookie value
# (presumably the else branch - the line between 56 and 58 is not shown).
58 my $cookie = $self->_serialize($session);
59 $self->state->finalize($cookie, $response, $options);
# Turn the session data into the cookie value "time:base64:signature".
64 my($self, $session) = @_;
# Issue time; gettimeofday in scalar context yields floating-point seconds.
66 my $now = Time::HiRes::gettimeofday;
# Storable-freeze the session and base64-encode it. The empty end-of-line
# argument keeps the encoded output on a single line.
67 my $b64 = MIME::Base64::encode( Storable::freeze($session), '' );
# NOTE(review): the signature covers $b64 only, so $now is not authenticated.
# The payload is encoded and signed, not encrypted: whoever holds the cookie
# can read the session data, so secrets should not be stored in the session.
68 join ":", $now, $b64, $self->sig($b64);
# Compute the signature for a base64 payload.
# NOTE(review): with no secret configured every payload gets the constant
# signature '.', which means the cookie is not authenticated at all. Consider
# refusing to run without a secret rather than silently not signing.
73 return '.' unless $self->secret;
# Hex-encoded HMAC-SHA1 of the payload, keyed with the configured secret.
# NOTE(review): HMAC-SHA1 is not known to be broken as a MAC, but an HMAC
# over a SHA-2 hash is the usual choice for new code.
74 Digest::HMAC_SHA1::hmac_sha1_hex($b64, $self->secret);
83 Plack::Middleware::Session::Cookie - Session middleware that saves session data in the cookie
87 enable "Session::Cookie";
91 This middleware component allows you to use the cookie as a sole
92 cookie state and store, without any server side storage to do the
93 session management. This middleware utilizes its own state and store
94 automatically for you, so you can't override the objects.
98 This middleware is a subclass of L<Plack::Middleware::Session> and
99 accepts most of the parent class's configuration. In addition, the following
100 options are accepted.
106 Server side secret to sign the session data using HMAC SHA1. Without it the session data in the cookie is not authenticated and a client can change it. Defaults
107 to nothing (i.e. do not sign) but it is B<strongly recommended> to set your
110 =item session_key, domain, expires, path, secure
112 Accessors for the cookie attributes. See
113 L<Plack::Session::State::Cookie> for these options.
123 Rack::Session::Cookie L<Dancer::Session::Cookie>