1 package Plack::Session::State;
7 use Plack::Util::Accessor qw[
13 my ($class, %params) = @_;
15 $params{'_expired'} ||= +{};
16 $params{'session_key'} ||= 'plack_session';
17 $params{'sid_generator'} ||= sub {
18 Digest::SHA1::sha1_hex(rand() . $$ . {} . time)
21 bless { %params } => $class;
24 sub expire_session_id {
26 $self->{'_expired'}->{ $id }++;
29 sub is_session_expired {
31 exists $self->{'_expired'}->{ $id }
36 return unless $id && not $self->is_session_expired( $id );
41 my ($self, $request) = @_;
42 $self->extract( $request )
44 $self->generate( $request )
48 my ($self, $request) = @_;
49 $self->check_expired( $request->param( $self->session_key ) );
54 $self->sid_generator->( @_ );
59 my ($self, $id, $response) = @_;
71 Plack::Session::State - Basic parameter-based session state
76 use Plack::Middleware::Session;
77 use Plack::Session::State;
80 return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
85 state => Plack::Session::State->new;
91 This will maintain session state by passing the session through
92 the request params. It does not do this automatically though,
93 you are responsible for passing the session param.
95 This should be considered the state "base" class (although
96 subclassing is not a requirement) and defines the spec for
97 all B<Plack::Session::State::*> modules. You will only
98 need to override a couple methods if you do subclass. See
99 L<Plack::Session::State::Cookie> for an example of this.
105 =item B<new ( %params )>
107 The C<%params> can include I<session_key> and I<sid_generator>,
108 however in both cases a default will be provided for you.
112 This is the name of the session key, it default to 'plack_session'.
114 =item B<sid_generator>
116 This is a CODE ref used to generate unique session ids, by default
117 it will generate a SHA1 using fairly sufficient entropy. If you are
118 concerned or interested, just read the source.
122 =head2 Session ID Managment
126 =item B<get_session_id ( $request )>
128 Given a C<$request> this will first attempt to extract the session,
129 if the is expired or does not exist, it will then generate a new
130 session. The C<$request> is expected to be a L<Plack::Request> instance
131 or an object with an equivalent interface.
133 =item B<extract ( $request )>
135 This will attempt to extract the session from a C<$request> by looking
136 for the C<session_key> in the C<$request> params. It will then check to
137 see if the session has expired and return the session id if it is not.
138 The C<$request> is expected to be a L<Plack::Request> instance or an
139 object with an equivalent interface.
141 =item B<generate ( $request )>
143 This will generate a new session id using the C<sid_generator> callback.
144 The C<$request> argument is not used by this method but is there for
145 use by subclasses. The C<$request> is expected to be a L<Plack::Request>
146 instance or an object with an equivalent interface.
148 =item B<finalize ( $session_id, $response )>
150 Given a C<$session_id> and a C<$response> this will perform any
151 finalization nessecary to preserve state. This method is called by
152 the L<Plack::Session> C<finalize> method. The C<$response> is expected
153 to be a L<Plack::Response> instance or an object with an equivalent
158 =head2 Session Expiration Handling
162 =item B<expire_session_id ( $id )>
164 This will mark the session for C<$id> as expired. This method is called
165 by the L<Plack::Session> C<expire> method.
167 =item B<is_session_expired ( $id )>
169 This will check to see if the session C<$id> has been marked as
172 =item B<check_expired ( $id )>
174 Given an session C<$id> this will return C<undef> if the session is
175 expired or return the C<$id> if it is not.
181 All complex software has bugs lurking in it, and this module is no
182 exception. If you find a bug please either email me, or add the bug
187 Stevan Little E<lt>stevan.little@iinteractive.comE<gt>
189 =head1 COPYRIGHT AND LICENSE
191 Copyright 2009 Infinity Interactive, Inc.
193 L<http://www.iinteractive.com>
195 This library is free software; you can redistribute it and/or modify
196 it under the same terms as Perl itself.