use Plack::Util::Accessor qw[
session_key
sid_generator
+ sid_checker
];
sub new {
$params{'sid_generator'} ||= sub {
Digest::SHA1::sha1_hex(rand() . $$ . {} . time)
};
+ $params{'sid_checker'} ||= qr/\A[0-9a-f]{40}\Z/;
bless { %params } => $class;
}
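Review bot: The default `sid_checker` ends in `\Z`, which also matches just before a trailing newline, so a 40-hex-digit id followed by `\n` still passes the check. `\z` anchors at the true end of the string: `$params{'sid_checker'} ||= qr/\A[0-9a-f]{40}\z/;`. The default is also tied to the default SHA-1 generator, so a caller who supplies a custom `sid_generator` without a matching `sid_checker` would presumably have every existing id rejected and regenerated; a comment on this line should say so. The start of `new` is outside the hunk.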
return $id;
}
+sub check_request_session_id {
+ my ($self, $request) = @_;
+
+ my $reqest_session_id = $self->get_request_session_id($request);
+ my $sid_checker = $self->sid_checker;
+
+ defined $reqest_session_id && $reqest_session_id =~ m{$sid_checker};
+}
+
sub get_session_id {
my ($self, $request) = @_;
- $self->extract( $request )
+ (
+ $self->check_request_session_id($request)
+ &&
+ $self->extract( $request )
+ )
||
$self->generate( $request )
}
+sub get_request_session_id {
+ my ($self, $request ) = @_;
+
+ $request->param( $self->session_key );
+}
+
sub extract {
my ($self, $request) = @_;
- $self->check_expired( $request->param( $self->session_key ) );
+
+ $self->check_expired( $self->get_request_session_id($request) );
}
sub generate {
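Review bot: The format check is wired into `get_session_id` only, so `extract` still hands the raw request value to `check_expired`; any caller or subclass that reaches `extract` directly (none is visible here) skips `sid_checker`, and the cookie-based `extract` later in this diff has the same shape. Doing the check inside `extract` would close that path and avoid reading the id twice: `my $id = $self->get_request_session_id($request);` then `return unless defined $id && $id =~ $self->sid_checker;` before `$self->check_expired($id);`. The local `$reqest_session_id` in `check_request_session_id` is misspelled (`$request_session_id`), and `m{$sid_checker}` silently accepts a plain string as a pattern, so the accessor should be documented as taking a `qr//` object.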
=item B<new ( %params )>
-The C<%params> can include I<session_key> and I<sid_generator>,
+The C<%params> can include I<session_key>, I<sid_generator> and I<sid_checker>
however in both cases a default will be provided for you.
=item B<session_key>
it will generate a SHA1 using fairly sufficient entropy. If you are
concerned or interested, just read the source.
+=item B<sid_checker>
+
+This is a regex used to check requested session id,
+
=back
=head2 Session ID Managment
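Review bot: The new `sid_checker` entry stops at a comma and never states the default or what happens when an id does not match. Suggested text: `This is a regex (a qr// object) used to validate the session id taken from the request; ids that do not match are ignored and a new id is generated. It defaults to 40 lowercase hex digits, so set it together with any custom sid_generator.` The sentence under `new` still says "in both cases" although three parameters are now listed.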
$self->expires( 0 );
}
+sub get_request_session_id {
+ my ($self, $request ) = @_;
+ ($request->cookie( $self->session_key ) || return )->value;
+}
+
sub extract {
my ($self, $request) = @_;
- $self->check_expired( ( $request->cookie( $self->session_key ) || return )->value );
+ $self->check_expired( $self->get_request_session_id($request) || return );
}
sub finalize {
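Review bot: Both added lines bury a `return` inside an expression (`( ... || return )->value` in `get_request_session_id`, and `... || return` as the argument to `check_expired`), which makes the early exit easy to miss. An explicit form reads more plainly: `my $cookie = $request->cookie( $self->session_key ) or return;` followed by `return $cookie->value;`. This `extract` also passes the cookie value on without consulting `sid_checker`, so the check is applied only when the call comes through `get_session_id`.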
$response_test->( $resp, $sids[1] );
}
+
+ {
+ # wrong format session_id
+ my $r = $request_creator->({ plack_session => '../wrong' });
+
+ my $s = Plack::Session->new(
+ state => $state,
+ store => $storage,
+ request => $r,
+ );
+
+
+ isnt('../wrong' => $s->id, '... regenerate session id');
+
+ ok(!$s->get('foo'), '... no value stored for foo in session');
+
+ lives_ok {
+ $s->set( foo => 'baz' );
+ } '... set the value successfully';
+
+ is($s->get('foo'), 'baz', '... got the foo value back successfully from session');
+
+ my $resp = $r->new_response;
+
+ lives_ok {
+ $s->finalize( $resp );
+ } '... finalized session successfully';
+
+ $response_test->( $resp, $s );
+ }
}
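Review bot: The new case only asserts that the id differs from `'../wrong'`; it never checks that the regenerated id has the expected format, and `isnt` is called with its arguments swapped (the got value should be `$s->id`). Assuming the default generator is in use, suggest `isnt($s->id, '../wrong', '... regenerate session id');` plus `like($s->id, qr/\A[0-9a-f]{40}\z/, '... regenerated id matches the default format');`. A further case with a well-formed id followed by a newline would pin the anchoring of the default checker. The enclosing block opens outside the hunk.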
-1;
\ No newline at end of file
+1;