[catagits/Catalyst-Plugin-Session-State-Cookie.git] / lib / Catalyst / Plugin / Session / State / Cookie.pm

package Catalyst::Plugin::Session::State::Cookie;
use base qw/Catalyst::Plugin::Session::State/;

use strict;
use warnings;

use NEXT;
use Catalyst::Utils ();

our $VERSION = "0.04";

sub setup_session {
    my $c = shift;

    $c->NEXT::setup_session(@_);

    $c->config->{session}{cookie_name}
        ||= Catalyst::Utils::appprefix($c) . '_session';
}

sub extend_session_id {
    my ( $c, $sid, $expires ) = @_;

    if ( my $cookie = $c->get_session_cookie ) {
        $c->update_session_cookie( $c->make_session_cookie( $sid ) );
    }

    $c->NEXT::extend_session_id( @_ );
}

sub set_session_id {
    my ( $c, $sid ) = @_;

    $c->update_session_cookie( $c->make_session_cookie( $sid ) );

    return $c->NEXT::set_session_id(@_);
}

sub update_session_cookie {
    my ( $c, $updated ) = @_;
    my $cookie_name = $c->config->{session}{cookie_name};
    $c->response->cookies->{$cookie_name} = $updated;
}

sub make_session_cookie {
    my ( $c, $sid, %attrs ) = @_;

    my $cfg    = $c->config->{session};
    my $cookie = {
        value => $sid,
        ( $cfg->{cookie_domain} ? ( domain => $cfg->{cookie_domain} ) : () ),
        %attrs,
    };

    unless ( exists $cookie->{expires} ) {
        $cookie->{expires} = $c->calculate_session_cookie_expires();
    }

    $cookie->{secure} = 1 if $cfg->{cookie_secure};

    return $cookie;
}

sub calc_expiry { # compat
    my $c = shift;
    $c->NEXT::calc_expiry( @_ ) || $c->calculate_session_cookie_expires( @_ );
}

sub calculate_session_cookie_expires {
    my $c   = shift;
    my $cfg = $c->config->{session};

    my $value = $c->NEXT::calculate_session_cookie_expires(@_);
    return $value if $value;

    if ( exists $cfg->{cookie_expires} ) {
        if ( $cfg->{cookie_expires} > 0 ) {
            return time() + $cfg->{cookie_expires};
        }
        else {
            return undef;
        }
    }
    else {
        return $c->session_expires;
    }
}

sub get_session_cookie {
    my $c = shift;

    my $cookie_name = $c->config->{session}{cookie_name};

    return $c->request->cookies->{$cookie_name};
}

sub get_session_id {
    my $c = shift;

    if ( my $cookie = $c->get_session_cookie  ) { 
        my $sid = $cookie->value;
        $c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
        return $sid if $sid;
    }

    $c->NEXT::get_session_id(@_);
}

sub delete_session_id {
    my ( $c, $sid ) = @_;

    $c->update_session_cookie( $c->make_session_cookie( $sid, expires => 0 ) );

    $c->NEXT::delete_session_id($sid);
}

__PACKAGE__

__END__

=pod

=head1 NAME

Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies.

=head1 SYNOPSIS

    use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/;

=head1 DESCRIPTION

In order for L<Catalyst::Plugin::Session> to work the session ID needs to be
stored on the client, and the session data needs to be stored on the server.

This plugin stores the session ID on the client using the cookie mechanism.

=head1 METHODS

=over 4

=item make_session_cookie

Returns a hash reference with the default values for new cookies.

=item update_session_cookie $hash_ref

Sets the cookie based on C<cookie_name> in the response object.

=back

=head1 EXTENDED METHODS

=over 4

=item prepare_cookies

Will restore if an appropriate cookie is found.

=item finalize_cookies

Will set a cookie called C<session> if it doesn't exist or if it's value is not
the current session id.

=item setup_session

Will set the C<cookie_name> parameter to it's default value if it isn't set.

=back

=head1 CONFIGURATION

=over 4

=item cookie_name

The name of the cookie to store (defaults to C<Catalyst::Utils::apprefix($c) . '_session'>).

=item cookie_domain

The name of the domain to store in the cookie (defaults to current host)

=item cookie_expires

Number of seconds from now you want to elapse before cookie will expire. 
Set to 0 to create a session cookie, ie one which will die when the 
user's browser is shut down.

=item cookie_secure

If this attribute set true, the cookie will only be sent via HTTPS.

=back

=head1 CAVEATS

Sessions have to be created before the first write to be saved. For example:

	sub action : Local {
		my ( $self, $c ) = @_;
		$c->res->write("foo");
		$c->session( ... );
		...
	}

Will cause a session ID to not be set, because by the time a session is
actually created the headers have already been sent to the client.

=head1 SEE ALSO

L<Catalyst>, L<Catalyst::Plugin::Session>.

=head1 AUTHORS

This module is derived from L<Catalyst::Plugin::Session::FastMmap> code, and
has been heavily modified since.

Andrew Ford
Andy Grundman
Christian Hansen
Yuval Kogman, C<nothingmuch@woobling.org>
Marcus Ramberg
Sebastian Riedel

=head1 COPYRIGHT

This program is free software, you can redistribute it and/or modify it
under the same terms as Perl itself.

=cut

1;
Commit	Line	Data
1a776a0c	1	package Catalyst::Plugin::Session::State::Cookie;
1a776a0c	2	use base qw/Catalyst::Plugin::Session::State/;
bf2bce67	3
bf2bce67	4	use strict;
1a776a0c	5	use warnings;
bf2bce67	6
1a776a0c	7	use NEXT;
74586782	8	use Catalyst::Utils ();
bf2bce67	9
3e8b97ed	10	our $VERSION = "0.04";
81eb8ebf	11
5e50008f	12	sub setup_session {
20e33791	13	my $c = shift;
5e50008f	14
20e33791	15	$c->NEXT::setup_session(@_);
2bde9162	16
7022ec4c	17	$c->config->{session}{cookie_name}
7022ec4c	18	\|\|= Catalyst::Utils::appprefix($c) . '_session';
5e50008f	19	}
5e50008f	20
0ff18b66	21	sub extend_session_id {
0ff18b66	22	my ( $c, $sid, $expires ) = @_;
1a776a0c	23
2bde9162	24	if ( my $cookie = $c->get_session_cookie ) {
0ff18b66	25	$c->update_session_cookie( $c->make_session_cookie( $sid ) );
58730edc	26	}
db1cda22	27
0ff18b66	28	$c->NEXT::extend_session_id( @_ );
2bde9162	29	}
	30
	31	sub set_session_id {
	32	my ( $c, $sid ) = @_;
	33
	34	$c->update_session_cookie( $c->make_session_cookie( $sid ) );
	35
	36	return $c->NEXT::set_session_id(@_);
db1cda22	37	}
	38
	39	sub update_session_cookie {
58730edc	40	my ( $c, $updated ) = @_;
20e33791	41	my $cookie_name = $c->config->{session}{cookie_name};
58730edc	42	$c->response->cookies->{$cookie_name} = $updated;
db1cda22	43	}
5e50008f	44
db1cda22	45	sub make_session_cookie {
2bde9162	46	my ( $c, $sid, %attrs ) = @_;
58730edc	47
	48	my $cfg = $c->config->{session};
	49	my $cookie = {
2bde9162	50	value => $sid,
58730edc	51	( $cfg->{cookie_domain} ? ( domain => $cfg->{cookie_domain} ) : () ),
df55e818	52	%attrs,
58730edc	53	};
58730edc	54
2bde9162	55	unless ( exists $cookie->{expires} ) {
	56	$cookie->{expires} = $c->calculate_session_cookie_expires();
	57	}
1e986fd5	58
fc4b9d6d	59	$cookie->{secure} = 1 if $cfg->{cookie_secure};
fc4b9d6d	60
1e986fd5	61	return $cookie;
	62	}
	63
2bde9162	64	sub calc_expiry { # compat
	65	my $c = shift;
	66	$c->NEXT::calc_expiry( @_ ) \|\| $c->calculate_session_cookie_expires( @_ );
	67	}
	68
	69	sub calculate_session_cookie_expires {
	70	my $c = shift;
	71	my $cfg = $c->config->{session};
	72
	73	my $value = $c->NEXT::calculate_session_cookie_expires(@_);
1e986fd5	74	return $value if $value;
2bde9162	75
58730edc	76	if ( exists $cfg->{cookie_expires} ) {
7022ec4c	77	if ( $cfg->{cookie_expires} > 0 ) {
1e986fd5	78	return time() + $cfg->{cookie_expires};
7022ec4c	79	}
7022ec4c	80	else {
1e986fd5	81	return undef;
7022ec4c	82	}
58730edc	83	}
58730edc	84	else {
2bde9162	85	return $c->session_expires;
58730edc	86	}
bf2bce67	87	}
bf2bce67	88
2bde9162	89	sub get_session_cookie {
bf2bce67	90	my $c = shift;
1a776a0c	91
20e33791	92	my $cookie_name = $c->config->{session}{cookie_name};
5e50008f	93
2bde9162	94	return $c->request->cookies->{$cookie_name};
	95	}
	96
	97	sub get_session_id {
	98	my $c = shift;
	99
	100	if ( my $cookie = $c->get_session_cookie ) {
bf2bce67	101	my $sid = $cookie->value;
bf2bce67	102	$c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
2bde9162	103	return $sid if $sid;
bf2bce67	104	}
bf2bce67	105
2bde9162	106	$c->NEXT::get_session_id(@_);
	107	}
	108
	109	sub delete_session_id {
df55e818	110	my ( $c, $sid ) = @_;
	111
	112	$c->update_session_cookie( $c->make_session_cookie( $sid, expires => 0 ) );
	113
	114	$c->NEXT::delete_session_id($sid);
bf2bce67	115	}
bf2bce67	116
1a776a0c	117	__PACKAGE__
57dbf608	118
1a776a0c	119	__END__
bf2bce67	120
1a776a0c	121	=pod
b2f8df5e	122
1a776a0c	123	=head1 NAME
bf2bce67	124
75d3560d	125	Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies.
bf2bce67	126
1a776a0c	127	=head1 SYNOPSIS
bf2bce67	128
20e33791	129	use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/;
bf2bce67	130
1a776a0c	131	=head1 DESCRIPTION
bf2bce67	132
1a776a0c	133	In order for L<Catalyst::Plugin::Session> to work the session ID needs to be
1a776a0c	134	stored on the client, and the session data needs to be stored on the server.
bf2bce67	135
1a776a0c	136	This plugin stores the session ID on the client using the cookie mechanism.
57dbf608	137
724a6173	138	=head1 METHODS
	139
	140	=over 4
	141
	142	=item make_session_cookie
	143
	144	Returns a hash reference with the default values for new cookies.
	145
	146	=item update_session_cookie $hash_ref
	147
	148	Sets the cookie based on C<cookie_name> in the response object.
	149
	150	=back
	151
1a776a0c	152	=head1 EXTENDED METHODS
58c05d1a	153
57dbf608	154	=over 4
57dbf608	155
1a776a0c	156	=item prepare_cookies
57dbf608	157
1a776a0c	158	Will restore if an appropriate cookie is found.
58c05d1a	159
d52e5079	160	=item finalize_cookies
58c05d1a	161
19c2baa1	162	Will set a cookie called C<session> if it doesn't exist or if it's value is not
	163	the current session id.
	164
	165	=item setup_session
	166
	167	Will set the C<cookie_name> parameter to it's default value if it isn't set.
58c05d1a	168
57dbf608	169	=back
58c05d1a	170
5e50008f	171	=head1 CONFIGURATION
	172
	173	=over 4
	174
	175	=item cookie_name
	176
ae33e13f	177	The name of the cookie to store (defaults to C<Catalyst::Utils::apprefix($c) . '_session'>).
5e50008f	178
41b4b15c	179	=item cookie_domain
	180
	181	The name of the domain to store in the cookie (defaults to current host)
	182
7022ec4c	183	=item cookie_expires
	184
	185	Number of seconds from now you want to elapse before cookie will expire.
	186	Set to 0 to create a session cookie, ie one which will die when the
	187	user's browser is shut down.
	188
fc4b9d6d	189	=item cookie_secure
	190
	191	If this attribute set true, the cookie will only be sent via HTTPS.
	192
5e50008f	193	=back
5e50008f	194
724a6173	195	=head1 CAVEATS
db1cda22	196
	197	Sessions have to be created before the first write to be saved. For example:
	198
	199	sub action : Local {
	200	my ( $self, $c ) = @_;
	201	$c->res->write("foo");
	202	$c->session( ... );
	203	...
	204	}
	205
	206	Will cause a session ID to not be set, because by the time a session is
	207	actually created the headers have already been sent to the client.
	208
bf2bce67	209	=head1 SEE ALSO
bf2bce67	210
1a776a0c	211	L<Catalyst>, L<Catalyst::Plugin::Session>.
bf2bce67	212
47f47da5	213	=head1 AUTHORS
bf2bce67	214
47f47da5	215	This module is derived from L<Catalyst::Plugin::Session::FastMmap> code, and
	216	has been heavily modified since.
	217
	218	Andrew Ford
	219	Andy Grundman
	220	Christian Hansen
	221	Yuval Kogman, C<nothingmuch@woobling.org>
	222	Marcus Ramberg
	223	Sebastian Riedel
bf2bce67	224
	225	=head1 COPYRIGHT
	226
bfeb5ca0	227	This program is free software, you can redistribute it and/or modify it
bfeb5ca0	228	under the same terms as Perl itself.
bf2bce67	229
	230	=cut
	231
	232	1;