[catagits/Catalyst-Plugin-Session-State-Cookie.git] / lib / Catalyst / Plugin / Session / State / Cookie.pm

package Catalyst::Plugin::Session::State::Cookie;
use base qw/Catalyst::Plugin::Session::State Class::Accessor::Fast/;

use strict;
use warnings;

use NEXT;
use Catalyst::Utils ();

our $VERSION = "0.08";

BEGIN { __PACKAGE__->mk_accessors(qw/_deleted_session_id/) }

sub setup_session {
    my $c = shift;

    $c->NEXT::setup_session(@_);

    $c->config->{session}{cookie_name}
        ||= Catalyst::Utils::appprefix($c) . '_session';
}

sub extend_session_id {
    my ( $c, $sid, $expires ) = @_;

    if ( my $cookie = $c->get_session_cookie ) {
        $c->update_session_cookie( $c->make_session_cookie( $sid ) );
    }

    $c->NEXT::extend_session_id( $sid, $expires );
}

sub set_session_id {
    my ( $c, $sid ) = @_;

    $c->update_session_cookie( $c->make_session_cookie( $sid ) );

    return $c->NEXT::set_session_id($sid);
}

sub update_session_cookie {
    my ( $c, $updated ) = @_;
    
    unless ( $c->cookie_is_rejecting( $updated ) ) {
        my $cookie_name = $c->config->{session}{cookie_name};
        $c->response->cookies->{$cookie_name} = $updated;
    }
}

sub cookie_is_rejecting {
    my ( $c, $cookie ) = @_;
    
    if ( $cookie->{path} ) {
        return 1 if index '/'.$c->request->path, $cookie->{path};
    }
    
    return 0;
}

sub make_session_cookie {
    my ( $c, $sid, %attrs ) = @_;

    my $cfg    = $c->config->{session};
    my $cookie = {
        value => $sid,
        ( $cfg->{cookie_domain} ? ( domain => $cfg->{cookie_domain} ) : () ),
        ( $cfg->{cookie_path} ? ( path => $cfg->{cookie_path} ) : () ),
        %attrs,
    };

    unless ( exists $cookie->{expires} ) {
        $cookie->{expires} = $c->calculate_session_cookie_expires();
    }

    $cookie->{secure} = 1 if $cfg->{cookie_secure};

    return $cookie;
}

sub calc_expiry { # compat
    my $c = shift;
    $c->NEXT::calc_expiry( @_ ) || $c->calculate_session_cookie_expires( @_ );
}

sub calculate_session_cookie_expires {
    my $c   = shift;
    my $cfg = $c->config->{session};

    my $value = $c->NEXT::calculate_session_cookie_expires(@_);
    return $value if $value;

    if ( exists $cfg->{cookie_expires} ) {
        if ( $cfg->{cookie_expires} > 0 ) {
            return time() + $cfg->{cookie_expires};
        }
        else {
            return undef;
        }
    }
    else {
        return $c->session_expires;
    }
}

sub get_session_cookie {
    my $c = shift;

    my $cookie_name = $c->config->{session}{cookie_name};

    return $c->request->cookies->{$cookie_name};
}

sub get_session_id {
    my $c = shift;

    if ( !$c->_deleted_session_id and my $cookie = $c->get_session_cookie ) { 
        my $sid = $cookie->value;
        $c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
        return $sid if $sid;
    }

    $c->NEXT::get_session_id(@_);
}

sub delete_session_id {
    my ( $c, $sid ) = @_;
    
    $c->_deleted_session_id(1); # to prevent get_session_id from returning it

    $c->update_session_cookie( $c->make_session_cookie( $sid, expires => 0 ) );

    $c->NEXT::delete_session_id($sid);
}

__PACKAGE__

__END__

=pod

=head1 NAME

Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies.

=head1 SYNOPSIS

    use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/;

=head1 DESCRIPTION

In order for L<Catalyst::Plugin::Session> to work the session ID needs to be
stored on the client, and the session data needs to be stored on the server.

This plugin stores the session ID on the client using the cookie mechanism.

=head1 METHODS

=over 4

=item make_session_cookie

Returns a hash reference with the default values for new cookies.

=item update_session_cookie $hash_ref

Sets the cookie based on C<cookie_name> in the response object.

=item calc_expiry

=item calculate_session_cookie_expires

=item cookie_is_rejecting

=item delete_session_id

=item extend_session_id

=item get_session_cookie

=item get_session_id

=item set_session_id

=back

=head1 EXTENDED METHODS

=over 4

=item prepare_cookies

Will restore if an appropriate cookie is found.

=item finalize_cookies

Will set a cookie called C<session> if it doesn't exist or if it's value is not
the current session id.

=item setup_session

Will set the C<cookie_name> parameter to it's default value if it isn't set.

=back

=head1 CONFIGURATION

=over 4

=item cookie_name

The name of the cookie to store (defaults to C<Catalyst::Utils::apprefix($c) . '_session'>).

=item cookie_domain

The name of the domain to store in the cookie (defaults to current host)

=item cookie_expires

Number of seconds from now you want to elapse before cookie will expire. 
Set to 0 to create a session cookie, ie one which will die when the 
user's browser is shut down.

=item cookie_secure

If this attribute set true, the cookie will only be sent via HTTPS.

=item cookie_path

The path of the request url where cookie should be baked.

=back

=head1 CAVEATS

Sessions have to be created before the first write to be saved. For example:

	sub action : Local {
		my ( $self, $c ) = @_;
		$c->res->write("foo");
		$c->session( ... );
		...
	}

Will cause a session ID to not be set, because by the time a session is
actually created the headers have already been sent to the client.

=head1 SEE ALSO

L<Catalyst>, L<Catalyst::Plugin::Session>.

=head1 AUTHORS

Yuval Kogman E<lt>nothingmuch@woobling.orgE<gt>

=head1 CONTRIBUTORS

This module is derived from L<Catalyst::Plugin::Session::FastMmap> code, and
has been heavily modified since.

Andrew Ford
Andy Grundman
Christian Hansen
Marcus Ramberg
Jonathan Rockway E<lt>jrockway@cpan.orgE<gt>
Sebastian Riedel

=head1 COPYRIGHT

This program is free software, you can redistribute it and/or modify it
under the same terms as Perl itself.

=cut

1;
Commit	Line	Data
1a776a0c	1	package Catalyst::Plugin::Session::State::Cookie;
ea139a65	2	use base qw/Catalyst::Plugin::Session::State Class::Accessor::Fast/;
bf2bce67	3
bf2bce67	4	use strict;
1a776a0c	5	use warnings;
bf2bce67	6
1a776a0c	7	use NEXT;
74586782	8	use Catalyst::Utils ();
bf2bce67	9
a79a56a8	10	our $VERSION = "0.08";
ea139a65	11
ea139a65	12	BEGIN { __PACKAGE__->mk_accessors(qw/_deleted_session_id/) }
81eb8ebf	13
5e50008f	14	sub setup_session {
20e33791	15	my $c = shift;
5e50008f	16
20e33791	17	$c->NEXT::setup_session(@_);
2bde9162	18
7022ec4c	19	$c->config->{session}{cookie_name}
7022ec4c	20	\|\|= Catalyst::Utils::appprefix($c) . '_session';
5e50008f	21	}
5e50008f	22
0ff18b66	23	sub extend_session_id {
0ff18b66	24	my ( $c, $sid, $expires ) = @_;
1a776a0c	25
2bde9162	26	if ( my $cookie = $c->get_session_cookie ) {
0ff18b66	27	$c->update_session_cookie( $c->make_session_cookie( $sid ) );
58730edc	28	}
db1cda22	29
0b3bde04	30	$c->NEXT::extend_session_id( $sid, $expires );
2bde9162	31	}
	32
	33	sub set_session_id {
	34	my ( $c, $sid ) = @_;
	35
	36	$c->update_session_cookie( $c->make_session_cookie( $sid ) );
	37
0b3bde04	38	return $c->NEXT::set_session_id($sid);
db1cda22	39	}
	40
	41	sub update_session_cookie {
58730edc	42	my ( $c, $updated ) = @_;
8bdcbb46	43
	44	unless ( $c->cookie_is_rejecting( $updated ) ) {
	45	my $cookie_name = $c->config->{session}{cookie_name};
	46	$c->response->cookies->{$cookie_name} = $updated;
	47	}
	48	}
	49
	50	sub cookie_is_rejecting {
	51	my ( $c, $cookie ) = @_;
	52
	53	if ( $cookie->{path} ) {
91e4fe2d	54	return 1 if index '/'.$c->request->path, $cookie->{path};
8bdcbb46	55	}
	56
	57	return 0;
db1cda22	58	}
5e50008f	59
db1cda22	60	sub make_session_cookie {
2bde9162	61	my ( $c, $sid, %attrs ) = @_;
58730edc	62
	63	my $cfg = $c->config->{session};
	64	my $cookie = {
2bde9162	65	value => $sid,
58730edc	66	( $cfg->{cookie_domain} ? ( domain => $cfg->{cookie_domain} ) : () ),
8bdcbb46	67	( $cfg->{cookie_path} ? ( path => $cfg->{cookie_path} ) : () ),
df55e818	68	%attrs,
58730edc	69	};
58730edc	70
2bde9162	71	unless ( exists $cookie->{expires} ) {
	72	$cookie->{expires} = $c->calculate_session_cookie_expires();
	73	}
1e986fd5	74
fc4b9d6d	75	$cookie->{secure} = 1 if $cfg->{cookie_secure};
fc4b9d6d	76
1e986fd5	77	return $cookie;
	78	}
	79
2bde9162	80	sub calc_expiry { # compat
	81	my $c = shift;
	82	$c->NEXT::calc_expiry( @_ ) \|\| $c->calculate_session_cookie_expires( @_ );
	83	}
	84
	85	sub calculate_session_cookie_expires {
	86	my $c = shift;
	87	my $cfg = $c->config->{session};
	88
	89	my $value = $c->NEXT::calculate_session_cookie_expires(@_);
1e986fd5	90	return $value if $value;
2bde9162	91
58730edc	92	if ( exists $cfg->{cookie_expires} ) {
7022ec4c	93	if ( $cfg->{cookie_expires} > 0 ) {
1e986fd5	94	return time() + $cfg->{cookie_expires};
7022ec4c	95	}
7022ec4c	96	else {
1e986fd5	97	return undef;
7022ec4c	98	}
58730edc	99	}
58730edc	100	else {
2bde9162	101	return $c->session_expires;
58730edc	102	}
bf2bce67	103	}
bf2bce67	104
2bde9162	105	sub get_session_cookie {
bf2bce67	106	my $c = shift;
1a776a0c	107
20e33791	108	my $cookie_name = $c->config->{session}{cookie_name};
5e50008f	109
2bde9162	110	return $c->request->cookies->{$cookie_name};
	111	}
	112
	113	sub get_session_id {
	114	my $c = shift;
	115
ea139a65	116	if ( !$c->_deleted_session_id and my $cookie = $c->get_session_cookie ) {
bf2bce67	117	my $sid = $cookie->value;
bf2bce67	118	$c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
2bde9162	119	return $sid if $sid;
bf2bce67	120	}
bf2bce67	121
2bde9162	122	$c->NEXT::get_session_id(@_);
	123	}
	124
	125	sub delete_session_id {
df55e818	126	my ( $c, $sid ) = @_;
ea139a65	127
ea139a65	128	$c->_deleted_session_id(1); # to prevent get_session_id from returning it
df55e818	129
	130	$c->update_session_cookie( $c->make_session_cookie( $sid, expires => 0 ) );
	131
	132	$c->NEXT::delete_session_id($sid);
bf2bce67	133	}
bf2bce67	134
1a776a0c	135	__PACKAGE__
57dbf608	136
1a776a0c	137	__END__
bf2bce67	138
1a776a0c	139	=pod
b2f8df5e	140
1a776a0c	141	=head1 NAME
bf2bce67	142
75d3560d	143	Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies.
bf2bce67	144
1a776a0c	145	=head1 SYNOPSIS
bf2bce67	146
20e33791	147	use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/;
bf2bce67	148
1a776a0c	149	=head1 DESCRIPTION
bf2bce67	150
1a776a0c	151	In order for L<Catalyst::Plugin::Session> to work the session ID needs to be
1a776a0c	152	stored on the client, and the session data needs to be stored on the server.
bf2bce67	153
1a776a0c	154	This plugin stores the session ID on the client using the cookie mechanism.
57dbf608	155
724a6173	156	=head1 METHODS
	157
	158	=over 4
	159
	160	=item make_session_cookie
	161
	162	Returns a hash reference with the default values for new cookies.
	163
	164	=item update_session_cookie $hash_ref
	165
	166	Sets the cookie based on C<cookie_name> in the response object.
	167
2cfb85de	168	=item calc_expiry
	169
	170	=item calculate_session_cookie_expires
	171
	172	=item cookie_is_rejecting
	173
	174	=item delete_session_id
	175
	176	=item extend_session_id
	177
	178	=item get_session_cookie
	179
	180	=item get_session_id
	181
	182	=item set_session_id
	183
724a6173	184	=back
724a6173	185
1a776a0c	186	=head1 EXTENDED METHODS
58c05d1a	187
57dbf608	188	=over 4
57dbf608	189
1a776a0c	190	=item prepare_cookies
57dbf608	191
1a776a0c	192	Will restore if an appropriate cookie is found.
58c05d1a	193
d52e5079	194	=item finalize_cookies
58c05d1a	195
19c2baa1	196	Will set a cookie called C<session> if it doesn't exist or if it's value is not
	197	the current session id.
	198
	199	=item setup_session
	200
	201	Will set the C<cookie_name> parameter to it's default value if it isn't set.
58c05d1a	202
57dbf608	203	=back
58c05d1a	204
5e50008f	205	=head1 CONFIGURATION
	206
	207	=over 4
	208
	209	=item cookie_name
	210
ae33e13f	211	The name of the cookie to store (defaults to C<Catalyst::Utils::apprefix($c) . '_session'>).
5e50008f	212
41b4b15c	213	=item cookie_domain
	214
	215	The name of the domain to store in the cookie (defaults to current host)
	216
7022ec4c	217	=item cookie_expires
	218
	219	Number of seconds from now you want to elapse before cookie will expire.
	220	Set to 0 to create a session cookie, ie one which will die when the
	221	user's browser is shut down.
	222
fc4b9d6d	223	=item cookie_secure
	224
	225	If this attribute set true, the cookie will only be sent via HTTPS.
	226
8bdcbb46	227	=item cookie_path
	228
	229	The path of the request url where cookie should be baked.
	230
5e50008f	231	=back
5e50008f	232
724a6173	233	=head1 CAVEATS
db1cda22	234
	235	Sessions have to be created before the first write to be saved. For example:
	236
	237	sub action : Local {
	238	my ( $self, $c ) = @_;
	239	$c->res->write("foo");
	240	$c->session( ... );
	241	...
	242	}
	243
	244	Will cause a session ID to not be set, because by the time a session is
	245	actually created the headers have already been sent to the client.
	246
bf2bce67	247	=head1 SEE ALSO
bf2bce67	248
1a776a0c	249	L<Catalyst>, L<Catalyst::Plugin::Session>.
bf2bce67	250
47f47da5	251	=head1 AUTHORS
bf2bce67	252
8ae6d944	253	Yuval Kogman E<lt>nothingmuch@woobling.orgE<gt>
	254
	255	=head1 CONTRIBUTORS
	256
47f47da5	257	This module is derived from L<Catalyst::Plugin::Session::FastMmap> code, and
	258	has been heavily modified since.
	259
	260	Andrew Ford
	261	Andy Grundman
	262	Christian Hansen
47f47da5	263	Marcus Ramberg
8ae6d944	264	Jonathan Rockway E<lt>jrockway@cpan.orgE<gt>
47f47da5	265	Sebastian Riedel
bf2bce67	266
	267	=head1 COPYRIGHT
	268
bfeb5ca0	269	This program is free software, you can redistribute it and/or modify it
bfeb5ca0	270	under the same terms as Perl itself.
bf2bce67	271
	272	=cut
	273
	274	1;