use strict;
use warnings;
-our $VERSION = '0.03';
+our $VERSION = '0.11';
our $AUTHORITY = 'cpan:STEVAN';
use parent 'Plack::Session::State';
domain
expires
secure
+ httponly
];
sub get_session_id {
my ($self, $env) = @_;
- ( Plack::Request->new($env)->cookie( $self->session_key ) || return )->value;
+ Plack::Request->new($env)->cookies->{$self->session_key};
+}
+
+sub merge_options {
+ my($self, %options) = @_;
+
+ delete $options{id};
+
+ $options{path} = $self->path || '/' if !exists $options{path};
+ $options{domain} = $self->domain if !exists $options{domain} && defined $self->domain;
+ $options{secure} = $self->secure if !exists $options{secure} && defined $self->secure;
+ $options{httponly} = $self->httponly if !exists $options{httponly} && defined $self->httponly;
+
+
+ if (!exists $options{expires} && defined $self->expires) {
+ $options{expires} = time + $self->expires;
+ }
+
+ return %options;
}
sub expire_session_id {
my ($self, $id, $res, $options) = @_;
- $self->_set_cookie($id, $res, expires => 0);
+ my %opts = $self->merge_options(%$options, expires => time);
+ $self->_set_cookie($id, $res, %opts);
}
sub finalize {
my ($self, $id, $res, $options) = @_;
- $self->_set_cookie($id, $res, (defined $self->expires ? (expires => $self->expires) : ()));
+ my %opts = $self->merge_options(%$options);
+ $self->_set_cookie($id, $res, %opts);
}
sub _set_cookie {
my($self, $id, $res, %options) = @_;
# TODO: Do not use Plack::Response
- my $response = Plack::Response->new($res);
+ my $response = Plack::Response->new(@$res);
$response->cookies->{ $self->session_key } = +{
value => $id,
- path => ($self->path || '/'),
- ( defined $self->domain ? ( domain => $self->domain ) : () ),
- ( defined $self->secure ? ( secure => $self->secure ) : () ),
%options,
};
=item B<expires>
-Expiration time of the cookie, if nothing is supplied then it will
-not be included in the cookie.
+Expiration time of the cookie in seconds, if nothing is supplied then
+it will not be included in the cookie, which means the session expires
+per browser session.
=item B<secure>