++ed by:

1 non-PAUSE user.

Karl Gaissmaier
and 1 contributors


Captive::Portal::Role::Session - session methods for Captive::Portal


IP addresses of clients must be unique. They are determined by the HTTP-Parameter REMOTE_ADDR. The corresponding MAC-address is determined from the ARP-table. If there are duplicate IP-addresses for different MAC-addresses something bad is happening (ARP-spoofing, ...). Captive::Portal warns on duplicate IP-addresses.

Active sessions have corresponding IP/MAC entries in the capo_sessions_ipset.

Session state is recorded on disc under the $SESSIONS_DIR. The session state is JSON encoded.

Example: active session

      "STATE"      : "active",
      "START_TIME" : 1317106093,
      "STOP_TIME"  : "",
      "IDLE_SINCE" : null,
      "USERNAME"   : "foo",
      "IP"         : "",
      "MAC"        : "F0:F4:69:17:89:DE",
      "USER_AGENT" : "Mozilla/5.0 ... Safari/534.50",
      "COOKIE"     : "202ceeee8c0ec85869dbac19c57c3c5e"


All roles throw exceptions on error.


Returns the current- or a new initialized session-hash for this HTTP-Client.


Open/create the sessions directory defined in the config file.


Unlink all session files from disk.


Return a list of all session filenames in sessions dir.


Return a filehandle to the clients session file with the requested lock assigned. There is no unlock required, after destroying the filehandle the file is closed and the lock released.

Named parameters:

 key      => ip address of session
 shared   => shared lock, defaults to exclusive lock
 blocking => blocking lock request, defaults to blocking
 try      => number of retries in nonblocking mode, defaults to 1 retry
 timeout  => timeout in blocking mode, defaults to 1s

Read the session file for $lock_handle and decode the JSON format into a hashref.

$capo->write_session_handle($lock_handle, $session)

Encode the session hashref into JSON and write the session file belonging to $lock_handle.


Unlink session file from disk.


Generate a CaPo cookie with random- and session-data or use the already existing session cookie. The cookie is used to fast reactivate an idle session if the IP/MAC/COOKIE is still matching. Cookies are not mandatory, they are just for a better user experience.


Check if request cookie is equal session cookie. Returns true on success and false on failure.


Karl Gaissmaier, <gaissmai at cpan.org>


Copyright 2010-2012 Karl Gaissmaier, all rights reserved.

This distribution is free software; you can redistribute it and/or modify it under the terms of either:

a) the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version, or

b) the Artistic License version 2.0.