25 Apr 2018 22:14:02 UTC
- Distribution: Dancer2-Session-Cookie
- Module version: 0.009
- Source (raw)
- Browse (raw)
- How to Contribute
- Issues (1)
- Testers (585 / 0 / 0)
- KwaliteeBus factor: 2
- 92.68% Coverage
- License: apache_2_0
- Perl: v5.8.1
- Activity24 month
- Download (17.05KB)
- MetaCPAN Explorer
- Subscribe to distribution
- This version
- Latest version++ed by:3 non-PAUSE usersYANICK Yanick Champoux
- SEE ALSO
- COPYRIGHT AND LICENSE
Dancer2::Session::Cookie - Dancer 2 session storage in secure cookies
# In Dancer 2 config.yml file session: Cookie engines: session: Cookie: secret_key: your secret passphrase default_duration: 604800 with_request_address: 0
This module implements a session factory for Dancer 2 that stores session state within a browser cookie. Features include:
Data serialization and compression using Sereal
Data encryption using AES with a unique derived key per cookie
Enforced expiration timestamp (independent of cookie expiration)
Cookie integrity protected with a message authentication code (MAC)
See Session::Storage::Secure for implementation details and important security caveats.
This is used to secure the cookies. Encryption keys and message authentication keys are derived from this using one-way functions. Changing it will invalidate all sessions.
Number of seconds for which the session may be considered valid. If
cookie_durationis not set as part of the session configuration, this is used instead to expire the session after a period of time, regardless of the length of the browser session. It is unset by default, meaning that sessions expiration is not capped.
If set to
true, the secret key will have the request address (as provided by
<$request-address>>) appended to it. This can help defeat some replay attacks (e.g. if the channel is not secure). But it will also cause session interruption for people on dynamic addresses.
CPAN modules providing cookie session storage (possibly for other frameworks):
Dancer::Session::Cookie -- Dancer 1 equivalent to this module
Catalyst::Plugin::CookiedSession -- encryption only
HTTP::CryptoCookie -- encryption only
Mojolicious::Sessions -- MAC only
Plack::Middleware::Session::Cookie -- MAC only
Plack::Middleware::Session::SerializedCookie -- really just a framework and you provide the guts with callbacks
Dancer2::Core::Role::SessionFactory -- documentation of the base package, some more attributes to configure the cookie
David Golden <email@example.com>
This software is Copyright (c) 2018, 2016, 2014 by David Golden.
This is free software, licensed under:
The Apache License, Version 2.0, January 2004
Module Install Instructions
To install Dancer2::Session::Cookie, copy and paste the appropriate command in to your terminal.
perl -MCPAN -e shell install Dancer2::Session::Cookie
For more information on module installation, please visit the detailed CPAN module installation guide.