[catagits/Catalyst-Plugin-Session-State-Cookie.git] / lib / Catalyst / Plugin / Session / State / Cookie.pm

package Catalyst::Plugin::Session::State::Cookie;
use base qw/Catalyst::Plugin::Session::State/;

use strict;
use warnings;

use NEXT;
use Catalyst::Utils ();

our $VERSION = "0.02";

sub setup_session {
    my $c = shift;

    $c->NEXT::setup_session(@_);

    $c->config->{session}{cookie_name}
        ||= Catalyst::Utils::appprefix($c) . '_session';
}

sub finalize_cookies {
    my $c = shift;

    if ( my $cookie = $c->get_session_cookie ) {
        $c->update_session_cookie( $c->make_session_cookie( $cookie->value ) );
    }

    $c->NEXT::finalize_cookies( @_ );
}

sub set_session_id {
    my ( $c, $sid ) = @_;

    $c->update_session_cookie( $c->make_session_cookie( $sid ) );

    return $c->NEXT::set_session_id(@_);
}

sub update_session_cookie {
    my ( $c, $updated ) = @_;
    my $cookie_name = $c->config->{session}{cookie_name};
    $c->response->cookies->{$cookie_name} = $updated;
}

sub make_session_cookie {
    my ( $c, $sid, %attrs ) = @_;

    my $cfg    = $c->config->{session};
    my $cookie = {
        value => $sid,
        %attrs,
        ( $cfg->{cookie_domain} ? ( domain => $cfg->{cookie_domain} ) : () ),
    };

    unless ( exists $cookie->{expires} ) {
        $cookie->{expires} = $c->calculate_session_cookie_expires();
    }

    $cookie->{secure} = 1 if $cfg->{cookie_secure};

    return $cookie;
}

sub calc_expiry { # compat
    my $c = shift;
    $c->NEXT::calc_expiry( @_ ) || $c->calculate_session_cookie_expires( @_ );
}

sub calculate_session_cookie_expires {
    my $c   = shift;
    my $cfg = $c->config->{session};

    my $value = $c->NEXT::calculate_session_cookie_expires(@_);
    return $value if $value;

    if ( exists $cfg->{cookie_expires} ) {
        if ( $cfg->{cookie_expires} > 0 ) {
            return time() + $cfg->{cookie_expires};
        }
        else {
            return undef;
        }
    }
    else {
        return $c->session_expires;
    }
}

sub get_session_cookie {
    my $c = shift;

    my $cookie_name = $c->config->{session}{cookie_name};

    return $c->request->cookies->{$cookie_name};
}

sub get_session_id {
    my $c = shift;

    if ( my $cookie = $c->get_session_cookie  ) { 
        my $sid = $cookie->value;
        $c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
        return $sid if $sid;
    }

    $c->NEXT::get_session_id(@_);
}

sub delete_session_id {
    my $c = shift;
    $c->NEXT::delete_session_id();
    delete $c->response->cookies->{ $c->config->{session}{cookie_name} };
}

__PACKAGE__

__END__

=pod

=head1 NAME

Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies.

=head1 SYNOPSIS

    use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/;

=head1 DESCRIPTION

In order for L<Catalyst::Plugin::Session> to work the session ID needs to be
stored on the client, and the session data needs to be stored on the server.

This plugin stores the session ID on the client using the cookie mechanism.

=head1 METHODS

=over 4

=item make_session_cookie

Returns a hash reference with the default values for new cookies.

=item update_session_cookie $hash_ref

Sets the cookie based on C<cookie_name> in the response object.

=back

=head1 EXTENDED METHODS

=over 4

=item prepare_cookies

Will restore if an appropriate cookie is found.

=item finalize_cookies

Will set a cookie called C<session> if it doesn't exist or if it's value is not
the current session id.

=item setup_session

Will set the C<cookie_name> parameter to it's default value if it isn't set.

=back

=head1 CONFIGURATION

=over 4

=item cookie_name

The name of the cookie to store (defaults to C<Catalyst::Utils::apprefix($c) . '_session'>).

=item cookie_domain

The name of the domain to store in the cookie (defaults to current host)

=item cookie_expires

Number of seconds from now you want to elapse before cookie will expire. 
Set to 0 to create a session cookie, ie one which will die when the 
user's browser is shut down.

=item cookie_secure

If this attribute set true, the cookie will only be sent via HTTPS.

=back

=head1 CAVEATS

Sessions have to be created before the first write to be saved. For example:

	sub action : Local {
		my ( $self, $c ) = @_;
		$c->res->write("foo");
		$c->session( ... );
		...
	}

Will cause a session ID to not be set, because by the time a session is
actually created the headers have already been sent to the client.

=head1 SEE ALSO

L<Catalyst>, L<Catalyst::Plugin::Session>.

=head1 AUTHORS

This module is derived from L<Catalyst::Plugin::Session::FastMmap> code, and
has been heavily modified since.

Andrew Ford
Andy Grundman
Christian Hansen
Yuval Kogman, C<nothingmuch@woobling.org>
Marcus Ramberg
Sebastian Riedel

=head1 COPYRIGHT

This program is free software, you can redistribute it and/or modify it
under the same terms as Perl itself.

=cut

1;
Commit	Line	Data
1a776a0c	1	package Catalyst::Plugin::Session::State::Cookie;
1a776a0c	2	use base qw/Catalyst::Plugin::Session::State/;
bf2bce67	3
bf2bce67	4	use strict;
1a776a0c	5	use warnings;
bf2bce67	6
1a776a0c	7	use NEXT;
74586782	8	use Catalyst::Utils ();
bf2bce67	9
00fa6d61	10	our $VERSION = "0.02";
81eb8ebf	11
5e50008f	12	sub setup_session {
20e33791	13	my $c = shift;
5e50008f	14
20e33791	15	$c->NEXT::setup_session(@_);
2bde9162	16
7022ec4c	17	$c->config->{session}{cookie_name}
7022ec4c	18	\|\|= Catalyst::Utils::appprefix($c) . '_session';
5e50008f	19	}
5e50008f	20
d52e5079	21	sub finalize_cookies {
b2f8df5e	22	my $c = shift;
1a776a0c	23
2bde9162	24	if ( my $cookie = $c->get_session_cookie ) {
2bde9162	25	$c->update_session_cookie( $c->make_session_cookie( $cookie->value ) );
58730edc	26	}
db1cda22	27
2bde9162	28	$c->NEXT::finalize_cookies( @_ );
	29	}
	30
	31	sub set_session_id {
	32	my ( $c, $sid ) = @_;
	33
	34	$c->update_session_cookie( $c->make_session_cookie( $sid ) );
	35
	36	return $c->NEXT::set_session_id(@_);
db1cda22	37	}
	38
	39	sub update_session_cookie {
58730edc	40	my ( $c, $updated ) = @_;
20e33791	41	my $cookie_name = $c->config->{session}{cookie_name};
58730edc	42	$c->response->cookies->{$cookie_name} = $updated;
db1cda22	43	}
5e50008f	44
db1cda22	45	sub make_session_cookie {
2bde9162	46	my ( $c, $sid, %attrs ) = @_;
58730edc	47
	48	my $cfg = $c->config->{session};
	49	my $cookie = {
2bde9162	50	value => $sid,
2bde9162	51	%attrs,
58730edc	52	( $cfg->{cookie_domain} ? ( domain => $cfg->{cookie_domain} ) : () ),
	53	};
	54
2bde9162	55	unless ( exists $cookie->{expires} ) {
	56	$cookie->{expires} = $c->calculate_session_cookie_expires();
	57	}
1e986fd5	58
fc4b9d6d	59	$cookie->{secure} = 1 if $cfg->{cookie_secure};
fc4b9d6d	60
1e986fd5	61	return $cookie;
	62	}
	63
2bde9162	64	sub calc_expiry { # compat
	65	my $c = shift;
	66	$c->NEXT::calc_expiry( @_ ) \|\| $c->calculate_session_cookie_expires( @_ );
	67	}
	68
	69	sub calculate_session_cookie_expires {
	70	my $c = shift;
	71	my $cfg = $c->config->{session};
	72
	73	my $value = $c->NEXT::calculate_session_cookie_expires(@_);
1e986fd5	74	return $value if $value;
2bde9162	75
58730edc	76	if ( exists $cfg->{cookie_expires} ) {
7022ec4c	77	if ( $cfg->{cookie_expires} > 0 ) {
1e986fd5	78	return time() + $cfg->{cookie_expires};
7022ec4c	79	}
7022ec4c	80	else {
1e986fd5	81	return undef;
7022ec4c	82	}
58730edc	83	}
58730edc	84	else {
2bde9162	85	return $c->session_expires;
58730edc	86	}
bf2bce67	87	}
bf2bce67	88
2bde9162	89	sub get_session_cookie {
bf2bce67	90	my $c = shift;
1a776a0c	91
20e33791	92	my $cookie_name = $c->config->{session}{cookie_name};
5e50008f	93
2bde9162	94	return $c->request->cookies->{$cookie_name};
	95	}
	96
	97	sub get_session_id {
	98	my $c = shift;
	99
	100	if ( my $cookie = $c->get_session_cookie ) {
bf2bce67	101	my $sid = $cookie->value;
bf2bce67	102	$c->log->debug(qq/Found sessionid "$sid" in cookie/) if $c->debug;
2bde9162	103	return $sid if $sid;
bf2bce67	104	}
bf2bce67	105
2bde9162	106	$c->NEXT::get_session_id(@_);
	107	}
	108
	109	sub delete_session_id {
	110	my $c = shift;
	111	$c->NEXT::delete_session_id();
	112	delete $c->response->cookies->{ $c->config->{session}{cookie_name} };
bf2bce67	113	}
bf2bce67	114
1a776a0c	115	__PACKAGE__
57dbf608	116
1a776a0c	117	__END__
bf2bce67	118
1a776a0c	119	=pod
b2f8df5e	120
1a776a0c	121	=head1 NAME
bf2bce67	122
75d3560d	123	Catalyst::Plugin::Session::State::Cookie - Maintain session IDs using cookies.
bf2bce67	124
1a776a0c	125	=head1 SYNOPSIS
bf2bce67	126
20e33791	127	use Catalyst qw/Session Session::State::Cookie Session::Store::Foo/;
bf2bce67	128
1a776a0c	129	=head1 DESCRIPTION
bf2bce67	130
1a776a0c	131	In order for L<Catalyst::Plugin::Session> to work the session ID needs to be
1a776a0c	132	stored on the client, and the session data needs to be stored on the server.
bf2bce67	133
1a776a0c	134	This plugin stores the session ID on the client using the cookie mechanism.
57dbf608	135
724a6173	136	=head1 METHODS
	137
	138	=over 4
	139
	140	=item make_session_cookie
	141
	142	Returns a hash reference with the default values for new cookies.
	143
	144	=item update_session_cookie $hash_ref
	145
	146	Sets the cookie based on C<cookie_name> in the response object.
	147
	148	=back
	149
1a776a0c	150	=head1 EXTENDED METHODS
58c05d1a	151
57dbf608	152	=over 4
57dbf608	153
1a776a0c	154	=item prepare_cookies
57dbf608	155
1a776a0c	156	Will restore if an appropriate cookie is found.
58c05d1a	157
d52e5079	158	=item finalize_cookies
58c05d1a	159
19c2baa1	160	Will set a cookie called C<session> if it doesn't exist or if it's value is not
	161	the current session id.
	162
	163	=item setup_session
	164
	165	Will set the C<cookie_name> parameter to it's default value if it isn't set.
58c05d1a	166
57dbf608	167	=back
58c05d1a	168
5e50008f	169	=head1 CONFIGURATION
	170
	171	=over 4
	172
	173	=item cookie_name
	174
ae33e13f	175	The name of the cookie to store (defaults to C<Catalyst::Utils::apprefix($c) . '_session'>).
5e50008f	176
41b4b15c	177	=item cookie_domain
	178
	179	The name of the domain to store in the cookie (defaults to current host)
	180
7022ec4c	181	=item cookie_expires
	182
	183	Number of seconds from now you want to elapse before cookie will expire.
	184	Set to 0 to create a session cookie, ie one which will die when the
	185	user's browser is shut down.
	186
fc4b9d6d	187	=item cookie_secure
	188
	189	If this attribute set true, the cookie will only be sent via HTTPS.
	190
5e50008f	191	=back
5e50008f	192
724a6173	193	=head1 CAVEATS
db1cda22	194
	195	Sessions have to be created before the first write to be saved. For example:
	196
	197	sub action : Local {
	198	my ( $self, $c ) = @_;
	199	$c->res->write("foo");
	200	$c->session( ... );
	201	...
	202	}
	203
	204	Will cause a session ID to not be set, because by the time a session is
	205	actually created the headers have already been sent to the client.
	206
bf2bce67	207	=head1 SEE ALSO
bf2bce67	208
1a776a0c	209	L<Catalyst>, L<Catalyst::Plugin::Session>.
bf2bce67	210
47f47da5	211	=head1 AUTHORS
bf2bce67	212
47f47da5	213	This module is derived from L<Catalyst::Plugin::Session::FastMmap> code, and
	214	has been heavily modified since.
	215
	216	Andrew Ford
	217	Andy Grundman
	218	Christian Hansen
	219	Yuval Kogman, C<nothingmuch@woobling.org>
	220	Marcus Ramberg
	221	Sebastian Riedel
bf2bce67	222
	223	=head1 COPYRIGHT
	224
bfeb5ca0	225	This program is free software, you can redistribute it and/or modify it
bfeb5ca0	226	under the same terms as Perl itself.
bf2bce67	227
	228	=cut
	229
	230	1;