Changes for version 4.10

  • SECURITY: Hopefully this settles all of the problems with symlinks. Both the file and db_file drivers now use O_NOFOLLOW with open when the file should exist and O_EXCL|O_CREAT when creating the file. Tests added for symlinks. (Matt LeBlanc)
  • SECURITY: sqlite driver no longer attempts to use /tmp/sessions.sqlt when no Handle or DataSource is specified. This was a mistake from a security standpoint as anyone on the machine would then be able to create and therefore insert data into your sessions. (Matt LeBlanc)
  • NEW: name is now an instance method (RT#17979) (Matt LeBlanc)


persistent session data in CGI applications
CGI::Session driver specifications
Base class for native DBI-related CGI::Session drivers
CGI::Session driver for BerkeleyDB using DB_File
Default CGI::Session driver
CGI::Session driver for MySQL database
PostgreSQL driver for CGI::Session
CGI::Session driver for SQLite
error handling routines for CGI::Session
CGI::Session ID driver
default CGI::Session ID generator
CGI::Session ID Driver for generating static IDs
Default CGI::Session serializer
serializer for CGI::Session
serializer for CGI::Session
Serializer for CGI::Session
serializer for CGI::Session
Extended CGI::Session manual


in lib/CGI/Session/Test/
in lib/CGI/Session/Test/
in lib/CGI/Session/Test/