use Digest ();
use overload ();
use Object::Signature ();
+use HTML::Entities ();
use Carp;
use List::Util qw/ max /;
use namespace::clean -except => 'meta';
-our $VERSION = '0.38';
+our $VERSION = '0.40';
$VERSION = eval $VERSION;
my @session_data_accessors; # used in delete_session
_tried_loading_session_data
_tried_loading_session_expires
_tried_loading_flash_data
+ _needs_early_session_finalization
/
);
# up to date. First call to session_expires will extend the expiry, subs
# just return the previously extended value.
$c->session_expires;
+ $c->finalize_session if $c->_needs_early_session_finalization;
return $c->maybe::next::method(@_);
}
# We have to finalize our session *before* $c->engine->finalize_xxx is called,
# because we do not want to send the HTTP response before the session is stored/committed to
# the session database (or whatever Session::Store you use).
- $c->finalize_session;
+ $c->finalize_session unless $c->_needs_early_session_finalization;
+ $c->_clear_session_instance_data;
return $c->maybe::next::method(@_);
}
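Review bot: When `_needs_early_session_finalization` is true, this hook skips `finalize_session` and only runs `$c->_clear_session_instance_data`, so any session or flash change made after the earlier hook's `$c->finalize_session if $c->_needs_early_session_finalization;` appears to be dropped without being saved or warned about. That matters for state changes made late in the request, such as invalidating a session while the body is produced. Neither added line says when the flag should be true or what the trade-off is; a comment such as `# Early finalization: session was already saved before headers were sent; changes after that point are not persisted.` would make the contract explicit. Both subs start outside the visible hunks, so this is inferred from the lines shown.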
$c->_save_session;
$c->_save_flash;
- $c->_clear_session_instance_data;
}
sub _session_updated {
$c->_sessionid($sid);
return $sid;
} else {
+ $sid = HTML::Entities::encode_entities($sid);
my $err = "Tried to set invalid session ID '$sid'";
$c->log->error($err);
Catalyst::Exception->throw($err);
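Review bot: The entity-encoded `$sid` feeds one `$err` string that goes both to `$c->log->error` and to the thrown exception, so the log receives HTML escaping that does not fit it. With its default character set `HTML::Entities::encode_entities` leaves CR, LF and tab unencoded, so a client-supplied ID can still split the log entry across lines, and its length is never bounded. Neutralising and truncating the value before the encode would cover both sinks, for example `$sid = substr($sid, 0, 64); $sid =~ s/[^\x20-\x7e]/?/g;` (the 64 is an illustrative limit). The enclosing sub starts and ends outside this hunk, so whether `$sid` is already length-checked earlier cannot be seen here.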
Devin Austin (dhoss) <dhoss@cpan.org>
-Robert Rothenberg <rrwo@cpan.org>
+Robert Rothenberg <rrwo@cpan.org> (on behalf of Foxtons Ltd.)
=head1 COPYRIGHT & LICENSE