Plack::Middleware::Session(3pm)   User Contributed Perl Documentation   Plack::Middleware::Session(3pm)

Plack::Middleware::Session - Middleware for session management

    use Plack::Builder;

    my $app = sub {
        my $env = shift;
        my $session = $env->{'psgix.session'};
        return [
            200,
            [ 'Content-Type' => 'text/plain' ],
            [ "Hello, you've been here for ", $session->{counter}++, "th time!" ],
        ];
    };

    builder {
        enable 'Session';
        $app;
    };

    # Or, use the File store backend (great if you use multiprocess server)
    # For more options, see perldoc Plack::Session::Store::File
    builder {
        enable 'Session', store => 'File';
        $app;
    };

This is a Plack Middleware component for session management. By default
it will use cookies to keep session state and store data in memory.
This distribution also comes with other state and store solutions. See
the perldoc for each of these backends for how to use them.

It should be noted that we store the current session as a hash
reference in the "psgix.session" key inside the $env where you can
access it as needed.

NOTE: As of version 0.04 the session is stored in "psgix.session"
instead of "plack.session".

State
    Plack::Session::State
        This will maintain session state by passing the session through the
        request params. It does not do this automatically though, you are
        responsible for passing the session param.

    Plack::Session::State::Cookie
        This will maintain session state using browser cookies.

Store
    Plack::Session::Store
        This is your basic in-memory session data store. It is volatile
        storage and not recommended for multiprocessing environments.
        However it is very useful for development and testing.

    Plack::Session::Store::File
        This will persist session data in a file. By default it uses
        Storable but it can be configured to have a custom serializer and
        deserializer.

    Plack::Session::Store::Cache
        This will persist session data using the Cache interface.

    Plack::Session::Store::Null
        Sometimes you don't care about storing session data, in that case
        you can use this noop module.

The following are options that can be passed to this module.

state
    This is expected to be an instance of Plack::Session::State or an
    object that implements the same interface. If no option is provided
    the default Plack::Session::State::Cookie will be used.

store
    This is expected to be an instance of Plack::Session::Store or an
    object that implements the same interface. If no option is provided
    the default Plack::Session::Store will be used.

    It should be noted that this default is an in-memory volatile store
    and is only suitable for development (or single process servers). For
    a more robust solution see Plack::Session::Store::File or
    Plack::Session::Store::Cache.

In addition to providing a "psgix.session" key in $env for persistent
session information, this module also provides a
"psgix.session.options" key which can be used to control the behavior
of the module per-request. The following sub-keys exist:

change_id
    If set to a true value, forces the session identifier to change
    (rotate). This should always be done after logging in, to prevent
    session fixation attacks from subdomains; see
    <http://en.wikipedia.org/wiki/Session_fixation#Attacks_using_cross-subdomain_cooking>

expire
    If set to a true value, expunges the session from the store, and
    clears the state in the client.

no_store
    If set to a true value, no changes made to the session in this
    request will be saved to the store. Either "expire" or
    "change_id" takes precedence over this, as both need to update the
    session store.

late_store
    If set to a true value, the session will be saved at the end of the
    request, after all data has been sent to the client -- this may be
    required if streaming responses attempt to alter the session after
    the header has already been sent to the client. Note, however,
    that it introduces a possible race condition, where the server
    attempts to store the updated session before the client makes the
    next request. For redirects, or other responses on which the
    client needs to do minimal processing before making a second request,
    this race is quite possible to win -- causing the second request to
    obtain stale session data.

id
    This key contains the session identifier of the session. It should
    be considered read-only; to generate a new identifier, use
    "change_id".

All complex software has bugs lurking in it, and this module is no
exception. If you find a bug please either email me, or add the bug to
cpan-RT.

Tatsuhiko Miyagawa

Stevan Little <stevan.little@iinteractive.com>

Copyright 2009, 2010 Infinity Interactive, Inc.

<http://www.iinteractive.com>

This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.

perl v5.32.1                      2021-01-27   Plack::Middleware::Session(3pm)