Checking in changes prior to tagging of version 0.24. Changelog diff is:

[catagits/Catalyst-Plugin-Session.git] / lib / Catalyst / Plugin / Session.pm

diff --git a/lib/Catalyst/Plugin/Session.pm b/lib/Catalyst/Plugin/Session.pm
index 6a3c46a..8e3a2da 100644 (file)
--- a/lib/Catalyst/Plugin/Session.pm
+++ b/lib/Catalyst/Plugin/Session.pm
@@ -1,11 +1,9 @@
 #!/usr/bin/perl
 
 package Catalyst::Plugin::Session;
-use base qw/Class::Accessor::Fast/;
-
-use strict;
-use warnings;
 
+use Moose;
+with 'MooseX::Emulate::Class::Accessor::Fast';
 use MRO::Compat;
 use Catalyst::Exception ();
 use Digest              ();
@@ -13,11 +11,13 @@ use overload            ();
 use Object::Signature   ();
 use Carp;
 
-our $VERSION = '0.20';
+use namespace::clean -except => 'meta';
+
+our $VERSION = '0.24';
 
 my @session_data_accessors; # used in delete_session
-BEGIN {
-    __PACKAGE__->mk_accessors(
+
+__PACKAGE__->mk_accessors(
         "_session_delete_reason",
         @session_data_accessors = qw/
           _sessionid
@@ -33,8 +33,8 @@ BEGIN {
           _tried_loading_session_expires
           _tried_loading_flash_data
           /
-    );
-}
+);
+
 
 sub setup {
     my $c = shift;
@@ -70,6 +70,7 @@ sub setup_session {
     %$cfg = (
         expires        => 7200,
         verify_address => 0,
+        verify_user_agent => 0,
         %$cfg,
     );
 
@@ -225,6 +226,17 @@ sub _load_session {
                 $c->delete_session("address mismatch");
                 return;
             }
+            if (   $c->config->{session}{verify_user_agent}
+                && $session_data->{__user_agent} ne $c->request->user_agent )
+            {
+                $c->log->warn(
+                        "Deleting session $sid due to user agent mismatch ("
+                      . $session_data->{__user_agent} . " != "
+                      . $c->request->user_agent . ")"
+                );
+                $c->delete_session("user agent mismatch");
+                return;
+            }
 
             $c->log->debug(qq/Restored session "$sid"/) if $c->debug;
             $c->_session_data_sig( Object::Signature::signature($session_data) ) if $session_data;
@@ -451,7 +463,12 @@ sub initialize_session_data {
 
             (
                 $c->config->{session}{verify_address}
-                ? ( __address => $c->request->address )
+                ? ( __address => $c->request->address||'' )
+                : ()
+            ),
+            (
+                $c->config->{session}{verify_user_agent}
+                ? ( __user_agent => $c->request->user_agent||'' )
                 : ()
             ),
         }
@@ -915,6 +932,14 @@ not the same as the address that initiated the session, the session is deleted.
 
 Defaults to false.
 
+=item verify_user_agent
+
+When true, C<<$c->request->user_agent>> will be checked at prepare time. If it
+is not the same as the user agent that initiated the session, the session is 
+deleted.
+
+Defaults to false.
+
 =item flash_to_stash
 
 This option makes it easier to have actions behave the same whether they were
@@ -947,6 +972,11 @@ The time when the session was first created.
 The value of C<< $c->request->address >> at the time the session was created.
 This value is only populated if C<verify_address> is true in the configuration.
 
+=item __user_agent
+
+The value of C<< $c->request->user_agent >> at the time the session was created.
+This value is only populated if C<verify_user_agent> is true in the configuration.
+
 =back
 
 =head1 CAVEATS