1 package Plack::Middleware::Session::Cookie;
3 use parent qw(Plack::Middleware::Session);
5 use Plack::Util::Accessor qw(secret session_key domain expires path secure);
13 use Plack::Session::State::Cookie;
18 $self->session_class("Plack::Session");
19 $self->session_key("plack_session") unless $self->session_key;
21 my $state_cookie = Plack::Session::State::Cookie->new;
22 for my $attr (qw(session_key path domain expires secure)) {
23 $state_cookie->$attr($self->$attr);
26 my $state = Plack::Util::inline_object
27 generate => sub { $self->_serialize({}) },
29 my $cookie = $state_cookie->get_session_id(@_) or return;
31 my($time, $b64, $sig) = split /:/, $cookie, 3;
32 $self->sig($b64) eq $sig or return;
36 expire_session_id => sub { $state_cookie->expire_session_id(@_) },
38 my($id, $response, $session) = @_;
39 my $cookie = $self->_serialize($session->dump);
40 $state_cookie->finalize($cookie, $response);
43 my $store = Plack::Util::inline_object
46 my($time, $b64, $sig) = split /:/, $id, 3;
47 Storable::thaw(MIME::Base64::decode($b64));
57 my($self, $session) = @_;
59 my $now = Time::HiRes::gettimeofday;
60 my $b64 = MIME::Base64::encode( Storable::freeze($session), '' );
61 join ":", $now, $b64, $self->sig($b64);
66 return '.' unless $self->secret;
67 Digest::HMAC_SHA1::hmac_sha1_hex($b64, $self->secret);
76 Plack::Middleware::Session::Cookie - Session middleware that saves session data in the cookie
80 enable "Session::Cookie";
84 This middleware component allows you to use the cookie as a sole
85 cookie state and store, without any server side storage to do the
86 session management. This middleware utilizes its own state and store
87 automatically for you, so you can't override the objects.
91 This middleware is a subclass of L<Plack::Middleware::Session> and
92 accepts most configuration of the parent class. In addition, following
99 Server side secret to sign the session data using HMAC SHA1. Defaults
100 to nothing (i.e. do not sign) but B<strongly recommended> to set your
103 =item session_key, domain, expires, path, secure
105 Accessors for the cookie attribuets. See
106 L<Plack::Session::State::Cookie> for these options.
116 Rack::Session::Cookie L<Dancer::Session::Cookie>