#!/usr/bin/perl
package Catalyst::Plugin::Session;
-use base qw/Class::Accessor::Fast/;
-use strict;
-use warnings;
-
-use NEXT;
+use Moose;
+with 'MooseX::Emulate::Class::Accessor::Fast';
+use MRO::Compat;
use Catalyst::Exception ();
use Digest ();
use overload ();
use Object::Signature ();
use Carp;
-our $VERSION = '0.20';
+use namespace::clean -except => 'meta';
+
+our $VERSION = '0.24';
my @session_data_accessors; # used in delete_session
-BEGIN {
- __PACKAGE__->mk_accessors(
+
+__PACKAGE__->mk_accessors(
"_session_delete_reason",
@session_data_accessors = qw/
_sessionid
_tried_loading_session_expires
_tried_loading_flash_data
/
- );
-}
+);
+
sub setup {
my $c = shift;
- $c->NEXT::setup(@_);
+ $c->maybe::next::method(@_);
$c->check_session_plugin_requirements;
$c->setup_session;
%$cfg = (
expires => 7200,
verify_address => 0,
+ verify_user_agent => 0,
%$cfg,
);
- $c->NEXT::setup_session();
+ $c->maybe::next::method();
}
sub prepare_action {
@{ $c->stash }{ keys %$flash_data } = values %$flash_data;
}
- $c->NEXT::prepare_action(@_);
+ $c->maybe::next::method(@_);
}
sub finalize_headers {
# fix cookie before we send headers
$c->_save_session_expires;
- return $c->NEXT::finalize_headers(@_);
+ return $c->maybe::next::method(@_);
}
sub finalize_body {
# the session database (or whatever Session::Store you use).
$c->finalize_session;
- return $c->NEXT::finalize_body(@_);
+ return $c->maybe::next::method(@_);
}
sub finalize_session {
my $c = shift;
- $c->NEXT::finalize_session;
+ $c->maybe::next::method(@_);
$c->_save_session_id;
$c->_save_session;
my $sid = $c->sessionid;
+ my $session_data = $c->_session;
if (%$flash_data) {
- $c->store_session_data( "flash:$sid", $flash_data );
+ $session_data->{__flash} = $flash_data;
}
else {
- $c->delete_session_data("flash:$sid");
+ delete $session_data->{__flash};
}
+ $c->_session($session_data);
+ $c->_save_session;
}
}
$c->delete_session("address mismatch");
return;
}
+ if ( $c->config->{session}{verify_user_agent}
+ && $session_data->{__user_agent} ne $c->request->user_agent )
+ {
+ $c->log->warn(
+ "Deleting session $sid due to user agent mismatch ("
+ . $session_data->{__user_agent} . " != "
+ . $c->request->user_agent . ")"
+ );
+ $c->delete_session("user agent mismatch");
+ return;
+ }
$c->log->debug(qq/Restored session "$sid"/) if $c->debug;
$c->_session_data_sig( Object::Signature::signature($session_data) ) if $session_data;
$c->_tried_loading_flash_data(1);
if ( my $sid = $c->sessionid ) {
- if ( my $flash_data = $c->_flash
- || $c->_flash( $c->get_session_data("flash:$sid") ) )
+
+ my $session_data = $c->session;
+ $c->_flash($session_data->{__flash});
+
+ if ( my $flash_data = $c->_flash )
{
$c->_flash_key_hashes({ map { $_ => Object::Signature::signature( \$flash_data->{$_} ) } keys %$flash_data });
sub _clear_session_instance_data {
my $c = shift;
$c->$_(undef) for @session_data_accessors;
- $c->NEXT::_clear_session_instance_data; # allow other plugins to hook in on this
+ $c->maybe::next::method(@_); # allow other plugins to hook in on this
}
sub delete_session {
(
$c->config->{session}{verify_address}
- ? ( __address => $c->request->address )
+ ? ( __address => $c->request->address||'' )
+ : ()
+ ),
+ (
+ $c->config->{session}{verify_user_agent}
+ ? ( __user_agent => $c->request->user_agent||'' )
: ()
),
}
my $c = shift;
(
- $c->NEXT::dump_these(),
+ $c->maybe::next::method(),
$c->sessionid
? ( [ "Session ID" => $c->sessionid ], [ Session => $c->session ], )
}
-sub get_session_id { shift->NEXT::get_session_id(@_) }
-sub set_session_id { shift->NEXT::set_session_id(@_) }
-sub delete_session_id { shift->NEXT::delete_session_id(@_) }
-sub extend_session_id { shift->NEXT::extend_session_id(@_) }
+sub get_session_id { shift->maybe::next::method(@_) }
+sub set_session_id { shift->maybe::next::method(@_) }
+sub delete_session_id { shift->maybe::next::method(@_) }
+sub extend_session_id { shift->maybe::next::method(@_) }
__PACKAGE__;
This method is used to invalidate a session. It takes an optional parameter
which will be saved in C<session_delete_reason> if provided.
+NOTE: This method will B<also> delete your flash data.
+
=item session_delete_reason
This accessor contains a string with the reason a session was deleted. Possible
Defaults to false.
+=item verify_user_agent
+
+When true, C<<$c->request->user_agent>> will be checked at prepare time. If it
+is not the same as the user agent that initiated the session, the session is
+deleted.
+
+Defaults to false.
+
=item flash_to_stash
This option makes it easier to have actions behave the same whether they were
The value of C<< $c->request->address >> at the time the session was created.
This value is only populated if C<verify_address> is true in the configuration.
+=item __user_agent
+
+The value of C<< $c->request->user_agent >> at the time the session was created.
+This value is only populated if C<verify_user_agent> is true in the configuration.
+
=back
=head1 CAVEATS
Christian Hansen
-Yuval Kogman, C<nothingmuch@woobling.org> (current maintainer)
+Yuval Kogman, C<nothingmuch@woobling.org>
Sebastian Riedel
+Tomas Doran (t0m) C<bobtfish@bobtfish.net> (current maintainer)
+
+Sergio Salvi
+
And countless other contributers from #catalyst. Thanks guys!
=head1 COPYRIGHT & LICENSE