Changes for version 0.54 - 2026-06-27

  • This distribution is now deprecated (x_deprecated). Use Plack::Middleware::Session instead. This module will no longer be maintained or receive further updates.
  • HTTP::Session::ID::Urandom now draws from Crypt::URandom instead of reading /dev/urandom directly, for portability and speed, and is now the default session-ID backend.
  • Fix predictable session-ID generation in HTTP::Session::ID::MD5 and HTTP::Session::ID::SHA1 (CVE-2026-3256): they now hash cryptographically secure random bytes from Crypt::URandom instead of a time/PID/rand()-based value. Their hexadecimal output format is unchanged.
  • HTTP::Session::Store::CHI now filters session IDs the same way HTTP::Session::Store::Memcached does, rejecting control characters and overly long IDs before passing them to the backend.

Modules

(DEPRECATED) simple session
Maintain session IDs using cookies
state module for testing
embed session id to uri
store session data with CHI
DBM session store
File session store
store session data in memcached
dummy module for session store
store session data on memory
store session data on memory for testing

Provides

in lib/HTTP/Session/Expired.pm
in lib/HTTP/Session/Finalized.pm
in lib/HTTP/Session/ID/MD5.pm
in lib/HTTP/Session/ID/SHA1.pm
in lib/HTTP/Session/ID/Urandom.pm
in lib/HTTP/Session/State/Base.pm
in lib/HTTP/Session/State/Mixin/ResponseFilter.pm