NAME

Dancer2::Session::Cookie - Dancer 2 session storage in secure cookies

VERSION

version 0.007

SYNOPSIS

  # In Dancer 2 config.yml file

  session: Cookie
  engines:
    session:
      Cookie:
        secret_key: your secret passphrase
        default_duration: 604800

DESCRIPTION

This module implements a session factory for Dancer 2 that stores session state within a browser cookie. Features include:

• Data serialization and compression using Sereal

• Data encryption using AES with a unique derived key per cookie

• Enforced expiration timestamp (independent of cookie expiration)

• Cookie integrity protected with a message authentication code (MAC)

See Session::Storage::Secure for implementation details and important security caveats.

ATTRIBUTES

secret_key (required)

This is used to secure the cookies. Encryption keys and message authentication keys are derived from this using one-way functions. Changing it will invalidate all sessions.

default_duration

Number of seconds for which the session may be considered valid. If cookie_duration is not set, this is used instead to expire the session after a period of time, regardless of the length of the browser session. It is unset by default, meaning that sessions expiration is not capped.

SEE ALSO

CPAN modules providing cookie session storage (possibly for other frameworks):

• Dancer::Session::Cookie -- Dancer 1 equivalent to this module

• Catalyst::Plugin::CookiedSession -- encryption only

• HTTP::CryptoCookie -- encryption only

• Mojolicious::Sessions -- MAC only

• Plack::Middleware::Session::Cookie -- MAC only

• Plack::Middleware::Session::SerializedCookie -- really just a framework and you provide the guts with callbacks

• Dancer2::Core::Role::SessionFactory -- documentation of the base package, some more attributes to configure the cookie

AUTHOR

David Golden <dagolden@cpan.org>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2013 by David Golden.

This is free software, licensed under:

  The Apache License, Version 2.0, January 2004