1Plack::Middleware::SessUisoenr(3Cpomn)tributed Perl DocuPmleanctka:t:iMoinddleware::Session(3pm)
2
3
4

NAME

6       Plack::Middleware::Session - Middleware for session management
7

SYNOPSIS

9         use Plack::Builder;
10
11         my $app = sub {
12             my $env = shift;
13             my $session = $env->{'psgix.session'};
14             return [
15                 200,
16                 [ 'Content-Type' => 'text/plain' ],
17                 [ "Hello, you've been here for ", $session->{counter}++, "th time!" ],
18             ];
19         };
20
21         builder {
22             enable 'Session';
23             $app;
24         };
25
26         # Or, use the File store backend (great if you use multiprocess server)
27         # For more options, see perldoc Plack::Session::Store::File
28         builder {
29             enable 'Session', store => 'File';
30             $app;
31         };
32

DESCRIPTION

34       This is a Plack Middleware component for session management. By default
35       it will use cookies to keep session state and store data in memory.
36       This distribution also comes with other state and store solutions. See
37       perldoc for these backends how to use them.
38
39       It should be noted that we store the current session as a hash
40       reference in the "psgix.session" key inside the $env where you can
41       access it as needed.
42
43       NOTE: As of version 0.04 the session is stored in "psgix.session"
44       instead of "plack.session".
45
46   State
47       Plack::Session::State
48           This will maintain session state by passing the session through the
49           request params. It does not do this automatically though, you are
50           responsible for passing the session param.
51
52       Plack::Session::State::Cookie
53           This will maintain session state using browser cookies.
54
55   Store
56       Plack::Session::Store
57           This is your basic in-memory session data store. It is volatile
58           storage and not recommended for multiprocessing environments.
59           However it is very useful for development and testing.
60
61       Plack::Session::Store::File
62           This will persist session data in a file. By default it uses
63           Storable but it can be configured to have a custom serializer and
64           deserializer.
65
66       Plack::Session::Store::Cache
67           This will persist session data using the Cache interface.
68
69       Plack::Session::Store::Null
70           Sometimes you don't care about storing session data, in that case
71           you can use this noop module.
72

OPTIONS

74       The following are options that can be passed to this module.
75
76       state
77           This is expected to be an instance of Plack::Session::State or an
78           object that implements the same interface. If no option is provided
79           the default Plack::Session::State::Cookie will be used.
80
81       store
82           This is expected to be an instance of Plack::Session::Store or an
83           object that implements the same interface. If no option is provided
84           the default Plack::Session::Store will be used.
85
86           It should be noted that this default is an in-memory volatile store
87           is only suitable for development (or single process servers). For a
88           more robust solution see Plack::Session::Store::File or
89           Plack::Session::Store::Cache.
90

PLACK REQUEST OPTIONS

92       In addition to providing a "psgix.session" key in $env for persistent
93       session information, this module also provides a
94       "psgix.session.options" key which can be used to control the behavior
95       of the module per-request.  The following sub-keys exist:
96
97       change_id
98           If set to a true value, forces the session identifier to change
99           (rotate).  This should always be done after logging in, to prevent
100           session fixation attacks from subdomains; see
101           <http://en.wikipedia.org/wiki/Session_fixation#Attacks_using_cross-subdomain_cooking>
102
103       expire
104           If set to a true value, expunges the session from the store, and
105           clears the state in the client.
106
107       no_store
108           If set to a true value, no changes made to the session in this
109           request will be saved to the store.  Either "expire" and
110           "change_id" take precedence over this, as both need to update the
111           session store.
112
113       late_store
114           If set to a true value, the session will be saved at the end of the
115           request, after all data has been sent to the client -- this may be
116           required if streaming responses attempt to alter the session after
117           the header has already been sent to the client.  Note, however,
118           that it introduces a possible race condition, where the server
119           attempts to store the updated session before the client makes the
120           next request.  For redirects, or other responses on which the
121           client needs do minimal processing before making a second request,
122           this race is quite possible to win -- causing the second request to
123           obtain stale session data.
124
125       id  This key contains the session identifier of the session.  It should
126           be considered read-only; to generate a new identifier, use
127           "change_id".
128

BUGS

130       All complex software has bugs lurking in it, and this module is no
131       exception. If you find a bug please either email me, or add the bug to
132       cpan-RT.
133

AUTHOR

135       Tatsuhiko Miyagawa
136
137       Stevan Little <stevan.little@iinteractive.com>
138
140       Copyright 2009, 2010 Infinity Interactive, Inc.
141
142       <http://www.iinteractive.com>
143
144       This library is free software; you can redistribute it and/or modify it
145       under the same terms as Perl itself.
146
147
148
149perl v5.32.1                      2021-01-27   Plack::Middleware::Session(3pm)
Impressum