use strict;
use warnings;
-our $VERSION = '0.03';
+our $VERSION = '0.11';
our $AUTHORITY = 'cpan:STEVAN';
use parent 'Plack::Session::State';
domain
expires
secure
+ httponly
];
sub get_session_id {
Plack::Request->new($env)->cookies->{$self->session_key};
}
+sub merge_options {
+ my($self, %options) = @_;
+
+ delete $options{id};
+
+ $options{path} = $self->path || '/' if !exists $options{path};
+ $options{domain} = $self->domain if !exists $options{domain} && defined $self->domain;
+ $options{secure} = $self->secure if !exists $options{secure} && defined $self->secure;
+ $options{httponly} = $self->httponly if !exists $options{httponly} && defined $self->httponly;
+
+
+ if (!exists $options{expires} && defined $self->expires) {
+ $options{expires} = time + $self->expires;
+ }
+
+ return %options;
+}
+
sub expire_session_id {
my ($self, $id, $res, $options) = @_;
- $self->_set_cookie($id, $res, expires => time);
+ my %opts = $self->merge_options(%$options, expires => time);
+ $self->_set_cookie($id, $res, %opts);
}
sub finalize {
my ($self, $id, $res, $options) = @_;
- $self->_set_cookie($id, $res, (defined $self->expires ? (expires => time + $self->expires) : ()));
+ my %opts = $self->merge_options(%$options);
+ $self->_set_cookie($id, $res, %opts);
}
sub _set_cookie {
my($self, $id, $res, %options) = @_;
# TODO: Do not use Plack::Response
- my $response = Plack::Response->new($res);
+ my $response = Plack::Response->new(@$res);
$response->cookies->{ $self->session_key } = +{
value => $id,
- path => ($self->path || '/'),
- ( defined $self->domain ? ( domain => $self->domain ) : () ),
- ( defined $self->secure ? ( secure => $self->secure ) : () ),
%options,
};
=head1 DESCRIPTION
-This is a subclass of L<Plack::Session::State> and implements it's
+This is a subclass of L<Plack::Session::State> and implements its
full interface. This is the default state used in
L<Plack::Middleware::Session>.