1 package Plack::Middleware::Session;
6 our $AUTHORITY = 'cpan:STEVAN';
11 use parent 'Plack::Middleware';
13 use Plack::Util::Accessor qw(
22 $self->state( 'Cookie' ) unless $self->state;
23 $self->state( $self->inflate_backend('Plack::Session::State', $self->state) );
24 $self->store( $self->inflate_backend('Plack::Session::Store', $self->store) );
26 Plack::Util::load_class($self->session_class) if $self->session_class;
30 my($self, $prefix, $backend) = @_;
32 return $backend if defined $backend && Scalar::Util::blessed $backend;
35 push @class, $backend if defined $backend; # undef means the root class
38 Plack::Util::load_class(@class)->new();
45 my($id, $session) = $self->get_session($env);
46 if ($id && $session) {
47 $env->{'psgix.session'} = $session;
49 $id = $self->generate_id($env);
50 $env->{'psgix.session'} = {};
53 $env->{'psgix.session.options'} = { id => $id };
55 if ($self->session_class) {
56 $env->{'plack.session'} = $self->session_class->new($env);
59 my $res = $self->app->($env);
60 $self->response_cb($res, sub { $self->finalize($env, $_[0]) });
66 my $id = $self->state->extract($env) or return;
67 my $session = $self->store->fetch($id) or return;
69 return ($id, $session);
74 $self->state->generate($env);
80 my $session = $env->{'psgix.session'};
81 my $options = $env->{'psgix.session.options'};
83 if ($options->{expire}) {
84 $self->store->remove($options->{id});
86 $self->store->store($options->{id}, $session);
91 my($self, $env, $res) = @_;
93 my $session = $env->{'psgix.session'};
94 my $options = $env->{'psgix.session.options'};
96 $self->commit($env) unless $options->{no_store};
97 if ($options->{expire}) {
98 $self->expire_session($options->{id}, $res, $env);
100 $self->save_state($options->{id}, $res, $env);
105 my($self, $id, $res, $env) = @_;
106 $self->state->expire_session_id($id, $res, $env->{'psgix.session.options'});
110 my($self, $id, $res, $env) = @_;
111 $self->state->finalize($id, $res, $env->{'psgix.session.options'});
122 Plack::Middleware::Session - Middleware for session management
130 my $session = $env->{'psgix.session'};
133 [ 'Content-Type' => 'text/plain' ],
134 [ "Hello, you've been here for ", $session->{counter}++, "th time!" ],
143 # Or, use the File store backend (great if you use multiprocess server)
144 # For more options, see perldoc Plack::Session::Store::File
146 enable 'Session', store => 'File';
152 This is a Plack Middleware component for session management. By
153 default it will use cookies to keep session state and store data in
154 memory. This distribution also comes with other state and store
155 solutions. See perldoc for these backends how to use them.
157 It should be noted that we store the current session as a hash
158 reference in the C<psgix.session> key inside the C<$env> where you can
161 B<NOTE:> As of version 0.04 the session is stored in C<psgix.session>
162 instead of C<plack.session>.
164 Also, if you set I<session_class> option (see below), we create a
165 session object out of the hash reference in C<plack.session>.
171 =item L<Plack::Session::State>
173 This will maintain session state by passing the session through
174 the request params. It does not do this automatically though,
175 you are responsible for passing the session param.
177 =item L<Plack::Session::State::Cookie>
179 This will maintain session state using browser cookies.
187 =item L<Plack::Session::Store>
189 This is your basic in-memory session data store. It is volatile storage
190 and not recommended for multiprocessing environments. However it is
191 very useful for development and testing.
193 =item L<Plack::Session::Store::File>
195 This will persist session data in a file. By default it uses
196 L<Storable> but it can be configured to have a custom serializer and
199 =item L<Plack::Session::Store::Cache>
201 This will persist session data using the L<Cache> interface.
203 =item L<Plack::Session::Store::Null>
205 Sometimes you don't care about storing session data, in that case
206 you can use this noop module.
212 The following are options that can be passed to this mdoule.
218 This is expected to be an instance of L<Plack::Session::State> or an
219 object that implements the same interface. If no option is provided
220 the default L<Plack::Session::State::Cookie> will be used.
224 This is expected to be an instance of L<Plack::Session::Store> or an
225 object that implements the same interface. If no option is provided
226 the default L<Plack::Session::Store> will be used.
228 It should be noted that this default is an in-memory volatile store
229 is only suitable for development (or single process servers). For a
230 more robust solution see L<Plack::Session::Store::File> or
231 L<Plack::Session::Store::Cache>.
233 =item I<session_class>
235 This can be used to create an actual session object in
236 C<plack.session> environment. Defaults to none, which means the
237 session object is not created but you can set C<Plack::Session> to
238 create an object for you.
244 All complex software has bugs lurking in it, and this module is no
245 exception. If you find a bug please either email me, or add the bug
252 Stevan Little E<lt>stevan.little@iinteractive.comE<gt>
254 =head1 COPYRIGHT AND LICENSE
256 Copyright 2009, 2010 Infinity Interactive, Inc.
258 L<http://www.iinteractive.com>
260 This library is free software; you can redistribute it and/or modify
261 it under the same terms as Perl itself.