X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=lib%2FCatalyst%2FPlugin%2FSession.pm;h=8e3a2da74790c2e0bcaf6db2a46a1a1d01d7d849;hb=f8f81744361da95c2b7f8a35c4e5aec63622e677;hp=ee8ea37e8b0246f3976b8f46605aedf190343aee;hpb=92eaec324c5557133b0d06bb4de14ac8cae49d7b;p=catagits%2FCatalyst-Plugin-Session.git

diff --git a/lib/Catalyst/Plugin/Session.pm b/lib/Catalyst/Plugin/Session.pm
index ee8ea37..8e3a2da 100644
--- a/lib/Catalyst/Plugin/Session.pm
+++ b/lib/Catalyst/Plugin/Session.pm
@@ -1,23 +1,23 @@
 #!/usr/bin/perl
 
 package Catalyst::Plugin::Session;
-use base qw/Class::Accessor::Fast/;
 
-use strict;
-use warnings;
-
-use NEXT;
+use Moose;
+with 'MooseX::Emulate::Class::Accessor::Fast';
+use MRO::Compat;
 use Catalyst::Exception ();
 use Digest              ();
 use overload            ();
 use Object::Signature   ();
 use Carp;
 
-our $VERSION = '0.20';
+use namespace::clean -except => 'meta';
+
+our $VERSION = '0.24';
 
 my @session_data_accessors; # used in delete_session
-BEGIN {
-    __PACKAGE__->mk_accessors(
+
+__PACKAGE__->mk_accessors(
         "_session_delete_reason",
         @session_data_accessors = qw/
           _sessionid
@@ -33,13 +33,13 @@ BEGIN {
           _tried_loading_session_expires
           _tried_loading_flash_data
           /
-    );
-}
+);
+
 
 sub setup {
     my $c = shift;
 
-    $c->NEXT::setup(@_);
+    $c->maybe::next::method(@_);
 
     $c->check_session_plugin_requirements;
     $c->setup_session;
@@ -70,10 +70,11 @@ sub setup_session {
     %$cfg = (
         expires        => 7200,
         verify_address => 0,
+        verify_user_agent => 0,
         %$cfg,
     );
 
-    $c->NEXT::setup_session();
+    $c->maybe::next::method();
 }
 
 sub prepare_action {
@@ -86,7 +87,7 @@ sub prepare_action {
         @{ $c->stash }{ keys %$flash_data } = values %$flash_data;
     }
 
-    $c->NEXT::prepare_action(@_);
+    $c->maybe::next::method(@_);
 }
 
 sub finalize_headers {
@@ -95,7 +96,7 @@ sub finalize_headers {
     # fix cookie before we send headers
     $c->_save_session_expires;
 
-    return $c->NEXT::finalize_headers(@_);
+    return $c->maybe::next::method(@_);
 }
 
 sub finalize_body {
@@ -106,13 +107,13 @@ sub finalize_body {
     # the session database (or whatever Session::Store you use).
     $c->finalize_session;
 
-    return $c->NEXT::finalize_body(@_);
+    return $c->maybe::next::method(@_);
 }
 
 sub finalize_session {
     my $c = shift;
 
-    $c->NEXT::finalize_session;
+    $c->maybe::next::method(@_);
 
     $c->_save_session_id;
     $c->_save_session;
@@ -170,12 +171,15 @@ sub _save_flash {
         
         my $sid = $c->sessionid;
 
+        my $session_data = $c->_session;
         if (%$flash_data) {
-            $c->store_session_data( "flash:$sid", $flash_data );
+            $session_data->{__flash} = $flash_data;
         }
         else {
-            $c->delete_session_data("flash:$sid");
+            delete $session_data->{__flash};
         }
+        $c->_session($session_data);
+        $c->_save_session;
     }
 }
 
@@ -222,6 +226,17 @@ sub _load_session {
                 $c->delete_session("address mismatch");
                 return;
             }
+            if (   $c->config->{session}{verify_user_agent}
+                && $session_data->{__user_agent} ne $c->request->user_agent )
+            {
+                $c->log->warn(
+                        "Deleting session $sid due to user agent mismatch ("
+                      . $session_data->{__user_agent} . " != "
+                      . $c->request->user_agent . ")"
+                );
+                $c->delete_session("user agent mismatch");
+                return;
+            }
 
             $c->log->debug(qq/Restored session "$sid"/) if $c->debug;
             $c->_session_data_sig( Object::Signature::signature($session_data) ) if $session_data;
@@ -240,8 +255,11 @@ sub _load_flash {
     $c->_tried_loading_flash_data(1);
 
     if ( my $sid = $c->sessionid ) {
-        if ( my $flash_data = $c->_flash
-            || $c->_flash( $c->get_session_data("flash:$sid") ) )
+
+        my $session_data = $c->session;
+        $c->_flash($session_data->{__flash});
+
+        if ( my $flash_data = $c->_flash )
         {
             $c->_flash_key_hashes({ map { $_ => Object::Signature::signature( \$flash_data->{$_} ) } keys %$flash_data });
             
@@ -267,7 +285,7 @@ sub _expire_session_keys {
 sub _clear_session_instance_data {
     my $c = shift;
     $c->$_(undef) for @session_data_accessors;
-    $c->NEXT::_clear_session_instance_data; # allow other plugins to hook in on this
+    $c->maybe::next::method(@_); # allow other plugins to hook in on this
 }
 
 sub delete_session {
@@ -445,7 +463,12 @@ sub initialize_session_data {
 
             (
                 $c->config->{session}{verify_address}
-                ? ( __address => $c->request->address )
+                ? ( __address => $c->request->address||'' )
+                : ()
+            ),
+            (
+                $c->config->{session}{verify_user_agent}
+                ? ( __user_agent => $c->request->user_agent||'' )
                 : ()
             ),
         }
@@ -510,7 +533,7 @@ sub dump_these {
     my $c = shift;
 
     (
-        $c->NEXT::dump_these(),
+        $c->maybe::next::method(),
 
         $c->sessionid
         ? ( [ "Session ID" => $c->sessionid ], [ Session => $c->session ], )
@@ -519,10 +542,10 @@ sub dump_these {
 }
 
 
-sub get_session_id { shift->NEXT::get_session_id(@_) }
-sub set_session_id { shift->NEXT::set_session_id(@_) }
-sub delete_session_id { shift->NEXT::delete_session_id(@_) }
-sub extend_session_id { shift->NEXT::extend_session_id(@_) }
+sub get_session_id { shift->maybe::next::method(@_) }
+sub set_session_id { shift->maybe::next::method(@_) }
+sub delete_session_id { shift->maybe::next::method(@_) }
+sub extend_session_id { shift->maybe::next::method(@_) }
 
 __PACKAGE__;
 
@@ -689,6 +712,8 @@ changed, call C<keep_flash> and pass in the keys as arguments.
 This method is used to invalidate a session. It takes an optional parameter
 which will be saved in C<session_delete_reason> if provided.
 
+NOTE: This method will B<also> delete your flash data.
+
 =item session_delete_reason
 
 This accessor contains a string with the reason a session was deleted. Possible
@@ -907,6 +932,14 @@ not the same as the address that initiated the session, the session is deleted.
 
 Defaults to false.
 
+=item verify_user_agent
+
+When true, C<<$c->request->user_agent>> will be checked at prepare time. If it
+is not the same as the user agent that initiated the session, the session is 
+deleted.
+
+Defaults to false.
+
 =item flash_to_stash
 
 This option makes it easier to have actions behave the same whether they were
@@ -939,6 +972,11 @@ The time when the session was first created.
 The value of C<< $c->request->address >> at the time the session was created.
 This value is only populated if C<verify_address> is true in the configuration.
 
+=item __user_agent
+
+The value of C<< $c->request->user_agent >> at the time the session was created.
+This value is only populated if C<verify_user_agent> is true in the configuration.
+
 =back
 
 =head1 CAVEATS
@@ -1004,10 +1042,14 @@ Andy Grundman
 
 Christian Hansen
 
-Yuval Kogman, C<nothingmuch@woobling.org> (current maintainer)
+Yuval Kogman, C<nothingmuch@woobling.org>
 
 Sebastian Riedel
 
+Tomas Doran (t0m) C<bobtfish@bobtfish.net> (current maintainer)
+
+Sergio Salvi
+
 And countless other contributers from #catalyst. Thanks guys!
 
 =head1 COPYRIGHT & LICENSE