[catagits/Web-Session.git] / lib / Plack / Middleware / Session / Cookie.pm

package Plack::Middleware::Session::Cookie;
use strict;
use parent qw(Plack::Middleware::Session);

use Plack::Util::Accessor qw(secret session_key domain expires path secure);

use Digest::HMAC_SHA1;
use MIME::Base64 ();
use Storable ();
use Time::HiRes;
use Plack::Util;

use Plack::Session::State::Cookie;

sub prepare_app {
    my $self = shift;

    Plack::Util::load_class($self->session_class) if $self->session_class;
    $self->session_key("plack_session") unless $self->session_key;

    $self->state( Plack::Session::State::Cookie->new );
    for my $attr (qw(session_key path domain expires secure)) {
        $self->state->$attr($self->$attr);
    }
}

sub get_session {
    my($self, $request) = @_;

    my $cookie = $self->state->get_session_id($request) or return;

    my($time, $b64, $sig) = split /:/, $cookie, 3;
    $self->sig($b64) eq $sig or return;

    my $session = Storable::thaw(MIME::Base64::decode($b64));
    return ($time, $session);
}

sub generate_id {
    my $self = shift;
    return Time::HiRes::gettimeofday;
}

sub commit { }

sub save_state {
    my($self, $id, $res, $session, $options) = @_;

    my $cookie = $self->_serialize($id, $session);
    $self->state->finalize($cookie, $res, $options);
}

sub _serialize {
    my($self, $id, $session) = @_;

    my $b64 = MIME::Base64::encode( Storable::freeze($session), '' );
    join ":", $id, $b64, $self->sig($b64);
}

sub sig {
    my($self, $b64) = @_;
    return '.' unless $self->secret;
    Digest::HMAC_SHA1::hmac_sha1_hex($b64, $self->secret);
}

1;

__END__

=head1 NAME

Plack::Middleware::Session::Cookie - Session middleware that saves session data in the cookie

=head1 SYNOPSIS

  enable "Session::Cookie";

=head1 DESCRIPTION

This middleware component allows you to use the cookie as a sole
cookie state and store, without any server side storage to do the
session management. This middleware utilizes its own state and store
automatically for you, so you can't override the objects.

=head1 CONFIGURATIONS

This middleware is a subclass of L<Plack::Middleware::Session> and
accepts most configuration of the parent class. In addition, following
options are accepted.

=over 4

=item secret

Server side secret to sign the session data using HMAC SHA1. Defaults
to nothing (i.e. do not sign) but B<strongly recommended> to set your
own secret string.

=item session_key, domain, expires, path, secure

Accessors for the cookie attribuets. See
L<Plack::Session::State::Cookie> for these options.

=back

=head1 AUTHOR

Tatsuhiko Miyagawa

=head1 SEE ALSO

Rack::Session::Cookie L<Dancer::Session::Cookie>

=cut
Commit	Line	Data
d326e755	1	package Plack::Middleware::Session::Cookie;
	2	use strict;
	3	use parent qw(Plack::Middleware::Session);
	4
	5	use Plack::Util::Accessor qw(secret session_key domain expires path secure);
	6
	7	use Digest::HMAC_SHA1;
	8	use MIME::Base64 ();
	9	use Storable ();
	10	use Time::HiRes;
	11	use Plack::Util;
	12
	13	use Plack::Session::State::Cookie;
	14
	15	sub prepare_app {
	16	my $self = shift;
	17
4ff41723	18	Plack::Util::load_class($self->session_class) if $self->session_class;
d326e755	19	$self->session_key("plack_session") unless $self->session_key;
d326e755	20
dc556d28	21	$self->state( Plack::Session::State::Cookie->new );
d326e755	22	for my $attr (qw(session_key path domain expires secure)) {
dc556d28	23	$self->state->$attr($self->$attr);
d326e755	24	}
dc556d28	25	}
	26
	27	sub get_session {
	28	my($self, $request) = @_;
	29
	30	my $cookie = $self->state->get_session_id($request) or return;
d326e755	31
dc556d28	32	my($time, $b64, $sig) = split /:/, $cookie, 3;
	33	$self->sig($b64) eq $sig or return;
	34
	35	my $session = Storable::thaw(MIME::Base64::decode($b64));
	36	return ($time, $session);
d326e755	37	}
d326e755	38
dc556d28	39	sub generate_id {
	40	my $self = shift;
	41	return Time::HiRes::gettimeofday;
	42	}
4ff41723	43
dc556d28	44	sub commit { }
	45
	46	sub save_state {
	47	my($self, $id, $res, $session, $options) = @_;
	48
	49	my $cookie = $self->_serialize($id, $session);
	50	$self->state->finalize($cookie, $res, $options);
4ff41723	51	}
4ff41723	52
d326e755	53	sub _serialize {
dc556d28	54	my($self, $id, $session) = @_;
d326e755	55
d326e755	56	my $b64 = MIME::Base64::encode( Storable::freeze($session), '' );
dc556d28	57	join ":", $id, $b64, $self->sig($b64);
d326e755	58	}
	59
	60	sub sig {
	61	my($self, $b64) = @_;
	62	return '.' unless $self->secret;
	63	Digest::HMAC_SHA1::hmac_sha1_hex($b64, $self->secret);
	64	}
	65
	66	1;
	67
	68	__END__
	69
	70	=head1 NAME
	71
	72	Plack::Middleware::Session::Cookie - Session middleware that saves session data in the cookie
	73
	74	=head1 SYNOPSIS
	75
	76	enable "Session::Cookie";
	77
	78	=head1 DESCRIPTION
	79
	80	This middleware component allows you to use the cookie as a sole
	81	cookie state and store, without any server side storage to do the
	82	session management. This middleware utilizes its own state and store
	83	automatically for you, so you can't override the objects.
	84
	85	=head1 CONFIGURATIONS
	86
	87	This middleware is a subclass of L<Plack::Middleware::Session> and
	88	accepts most configuration of the parent class. In addition, following
	89	options are accepted.
	90
	91	=over 4
	92
	93	=item secret
	94
	95	Server side secret to sign the session data using HMAC SHA1. Defaults
	96	to nothing (i.e. do not sign) but B<strongly recommended> to set your
	97	own secret string.
	98
	99	=item session_key, domain, expires, path, secure
	100
	101	Accessors for the cookie attribuets. See
	102	L<Plack::Session::State::Cookie> for these options.
	103
	104	=back
	105
	106	=head1 AUTHOR
	107
	108	Tatsuhiko Miyagawa
	109
	110	=head1 SEE ALSO
	111
	112	Rack::Session::Cookie L<Dancer::Session::Cookie>
	113
	114	=cut
	115