1 package Plack::Session::State;
7 use Plack::Util::Accessor qw[
14 my ($class, %params) = @_;
16 $params{'_expired'} ||= +{};
17 $params{'session_key'} ||= 'plack_session';
18 $params{'sid_generator'} ||= sub {
19 Digest::SHA1::sha1_hex(rand() . $$ . {} . time)
21 $params{'sid_validator'} ||= qr/\A[0-9a-f]{40}\Z/;
23 bless { %params } => $class;
26 sub expire_session_id {
28 $self->{'_expired'}->{ $id }++;
31 sub is_session_expired {
33 exists $self->{'_expired'}->{ $id }
38 return unless $id && not $self->is_session_expired( $id );
42 sub validate_request_session_id {
43 my ($self, $request) = @_;
45 my $reqest_session_id = $self->get_request_session_id($request);
47 defined $reqest_session_id && $reqest_session_id =~ $self->sid_validator;
51 my ($self, $request) = @_;
53 $self->validate_request_session_id($request)
55 $self->extract( $request )
58 $self->generate( $request )
61 sub get_request_session_id {
62 my ($self, $request ) = @_;
64 $request->param( $self->session_key );
68 my ($self, $request) = @_;
70 $self->check_expired( $self->get_request_session_id($request) );
75 $self->sid_generator->( @_ );
80 my ($self, $id, $response) = @_;
92 Plack::Session::State - Basic parameter-based session state
97 use Plack::Middleware::Session;
98 use Plack::Session::State;
101 return [ 200, [ 'Content-Type' => 'text/plain' ], [ 'Hello Foo' ] ];
106 state => Plack::Session::State->new;
112 This will maintain session state by passing the session through
113 the request params. It does not do this automatically though,
114 you are responsible for passing the session param.
116 This should be considered the state "base" class (although
117 subclassing is not a requirement) and defines the spec for
118 all B<Plack::Session::State::*> modules. You will only
119 need to override a couple methods if you do subclass. See
120 L<Plack::Session::State::Cookie> for an example of this.
126 =item B<new ( %params )>
128 The C<%params> can include I<session_key>, I<sid_generator> and I<sid_checker>
129 however in both cases a default will be provided for you.
133 This is the name of the session key, it default to 'plack_session'.
135 =item B<sid_generator>
137 This is a CODE ref used to generate unique session ids, by default
138 it will generate a SHA1 using fairly sufficient entropy. If you are
139 concerned or interested, just read the source.
141 =item B<sid_validator>
143 This is a regex used to validate requested session id,
147 =head2 Session ID Managment
151 =item B<get_session_id ( $request )>
153 Given a C<$request> this will first attempt to extract the session,
154 if the is expired or does not exist, it will then generate a new
155 session. The C<$request> is expected to be a L<Plack::Request> instance
156 or an object with an equivalent interface.
158 =item B<get_request_session_id ( $request )>
160 =item B<extract ( $request )>
162 This will attempt to extract the session from a C<$request> by looking
163 for the C<session_key> in the C<$request> params. It will then check to
164 see if the session has expired and return the session id if it is not.
165 The C<$request> is expected to be a L<Plack::Request> instance or an
166 object with an equivalent interface.
168 =item B<generate ( $request )>
170 This will generate a new session id using the C<sid_generator> callback.
171 The C<$request> argument is not used by this method but is there for
172 use by subclasses. The C<$request> is expected to be a L<Plack::Request>
173 instance or an object with an equivalent interface.
175 =item B<finalize ( $session_id, $response )>
177 Given a C<$session_id> and a C<$response> this will perform any
178 finalization nessecary to preserve state. This method is called by
179 the L<Plack::Session> C<finalize> method. The C<$response> is expected
180 to be a L<Plack::Response> instance or an object with an equivalent
185 =head2 Session Expiration Handling
189 =item B<expire_session_id ( $id )>
191 This will mark the session for C<$id> as expired. This method is called
192 by the L<Plack::Session> C<expire> method.
194 =item B<is_session_expired ( $id )>
196 This will check to see if the session C<$id> has been marked as
199 =item B<check_expired ( $id )>
201 Given an session C<$id> this will return C<undef> if the session is
202 expired or return the C<$id> if it is not.
208 All complex software has bugs lurking in it, and this module is no
209 exception. If you find a bug please either email me, or add the bug
214 Stevan Little E<lt>stevan.little@iinteractive.comE<gt>
216 =head1 COPYRIGHT AND LICENSE
218 Copyright 2009 Infinity Interactive, Inc.
220 L<http://www.iinteractive.com>
222 This library is free software; you can redistribute it and/or modify
223 it under the same terms as Perl itself.