1 package Plack::Middleware::Session::Cookie;
3 use parent qw(Plack::Middleware::Session);
5 use Plack::Util::Accessor qw(secret session_key domain expires path secure);
13 use Plack::Session::State::Cookie;
18 Plack::Util::load_class($self->session_class) if $self->session_class;
19 $self->session_key("plack_session") unless $self->session_key;
21 $self->state( Plack::Session::State::Cookie->new );
22 for my $attr (qw(session_key path domain expires secure)) {
23 $self->state->$attr($self->$attr);
28 my($self, $request) = @_;
30 my $cookie = $self->state->get_session_id($request) or return;
32 my($time, $b64, $sig) = split /:/, $cookie, 3;
33 $self->sig($b64) eq $sig or return;
35 my $session = Storable::thaw(MIME::Base64::decode($b64));
36 return ($time, $session);
41 return Time::HiRes::gettimeofday;
47 my($self, $id, $res, $env) = @_;
49 my $cookie = $self->_serialize($id, $env->{'psgix.session'});
50 $self->state->finalize($cookie, $res, $env->{'psgix.session.options'});
54 my($self, $id, $session) = @_;
56 my $b64 = MIME::Base64::encode( Storable::freeze($session), '' );
57 join ":", $id, $b64, $self->sig($b64);
62 return '.' unless $self->secret;
63 Digest::HMAC_SHA1::hmac_sha1_hex($b64, $self->secret);
72 Plack::Middleware::Session::Cookie - Session middleware that saves session data in the cookie
76 enable "Session::Cookie";
80 This middleware component allows you to use the cookie as a sole
81 cookie state and store, without any server side storage to do the
82 session management. This middleware utilizes its own state and store
83 automatically for you, so you can't override the objects.
87 This middleware is a subclass of L<Plack::Middleware::Session> and
88 accepts most configuration of the parent class. In addition, following
95 Server side secret to sign the session data using HMAC SHA1. Defaults
96 to nothing (i.e. do not sign) but B<strongly recommended> to set your
99 =item session_key, domain, expires, path, secure
101 Accessors for the cookie attribuets. See
102 L<Plack::Session::State::Cookie> for these options.
112 Rack::Session::Cookie L<Dancer::Session::Cookie>