/ 
Mojolicious-9.42
River stage four • 1087 direct dependents • 1232 total dependents
⭐ Starred 2674 GitHub stars
/ Mojo::Cookie::Response
Security Advisories (2)
CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

NAME

Mojo::Cookie::Response - HTTP response cookie

SYNOPSIS

use Mojo::Cookie::Response;

my $cookie = Mojo::Cookie::Response->new;
$cookie->name('foo');
$cookie->value('bar');
say "$cookie";

DESCRIPTION

Mojo::Cookie::Response is a container for HTTP response cookies, based on RFC 6265.

ATTRIBUTES

Mojo::Cookie::Response inherits all attributes from Mojo::Cookie and implements the following new ones.

domain

my $domain = $cookie->domain;
$cookie    = $cookie->domain('localhost');

Cookie domain.

expires

my $expires = $cookie->expires;
$cookie     = $cookie->expires(time + 60);

Expiration for cookie.

host_only

my $bool = $cookie->host_only;
$cookie  = $cookie->host_only($bool);

Host-only flag, indicating that the canonicalized request-host is identical to the cookie's "domain".

httponly

my $bool = $cookie->httponly;
$cookie  = $cookie->httponly($bool);

HttpOnly flag, which can prevent client-side scripts from accessing this cookie.

max_age

my $max_age = $cookie->max_age;
$cookie     = $cookie->max_age(60);

Max age for cookie.

path

my $path = $cookie->path;
$cookie  = $cookie->path('/test');

Cookie path.

samesite

my $samesite = $cookie->samesite;
$cookie      = $cookie->samesite('Lax');

SameSite value.

secure

my $bool = $cookie->secure;
$cookie  = $cookie->secure($bool);

Secure flag, which instructs browsers to only send this cookie over HTTPS connections.

METHODS

Mojo::Cookie::Response inherits all methods from Mojo::Cookie and implements the following new ones.

parse

my $cookies = Mojo::Cookie::Response->parse('f=b; path=/');

Parse cookies.

to_string

my $str = $cookie->to_string;

Render cookie.

SEE ALSO

Mojolicious, Mojolicious::Guides, https://mojolicious.org.