use strict;
use warnings;
-our $VERSION = '0.11';
+our $VERSION = '0.14';
our $AUTHORITY = 'cpan:STEVAN';
use Digest::SHA1 ();
need to override a couple methods if you do subclass. See
L<Plack::Session::State::Cookie> for an example of this.
+B<WARNING>: parameter based session ID management makes session
+fixation really easy, and that makes your website vulnerable. You
+should really avoid using this state in the production environment
+except when you have to deal with legacy HTTP clients that do not
+support cookies.
+
+In the future this parameter based state handling will be removed from
+this base class and will be moved to its own State class.
+
=head1 METHODS
=over 4
=item B<session_key>
-This is the name of the session key, it default to 'plack_session'.
+This is the name of the session key, it defaults to 'plack_session'.
=item B<sid_generator>
=item B<finalize ( $session_id, $response )>
Given a C<$session_id> and a C<$response> this will perform any
-finalization nessecary to preserve state. This method is called by
+finalization necessary to preserve state. This method is called by
the L<Plack::Session> C<finalize> method. The C<$response> is expected
to be a L<Plack::Response> instance or an object with an equivalent
interface.