Dancer::Session::Cookie(3)  User Contributed Perl Documentation  Dancer::Session::Cookie(3)

NAME

       Dancer::Session::Cookie - Encrypted cookie-based session backend for
       Dancer

VERSION

       version 0.30

SYNOPSIS

       Your config.yml:

           session: "cookie"
           session_cookie_key: "this random key IS NOT very random"

DESCRIPTION

       This module implements a session engine for sessions stored entirely in
       cookies. Usually only the session id is stored in cookies and the
       session data itself is saved in some external storage, e.g. a
       database. This module allows you to avoid using external storage at
       all.

       Since a server cannot trust any data returned by clients in cookies,
       this module uses cryptography to ensure integrity and also secrecy. The
       data your application stores in sessions is completely protected from
       both tampering and analysis on the client-side.

       Do be aware that browsers limit the size of individual cookies, so this
       method is not suitable if you wish to store a large amount of data.
       Browsers typically limit the size of a cookie to 4KB, but that includes
       the space taken to store the cookie's name, expiration and other
       attributes as well as its content.

CONFIGURATION

       The setting session should be set to "cookie" in order to use this
       session engine in a Dancer application. See Dancer::Config.

       Another setting is also required: session_cookie_key, which should
       contain a random string of at least 16 characters (shorter keys are not
       cryptographically strong using AES in CBC mode).

       The optional session_expires setting can also be passed; it sets the
       lifetime of the cookie. If it's not present, the cookie won't have an
       expiration value.

       Here is an example configuration to use in your config.yml:

           session: "cookie"
           session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk"
           session_expires: 1 hour

       The key shown above is published in this documentation, so generate
       your own random value rather than copying it.

       Compromising session_cookie_key will disclose session data to clients,
       proxies and eavesdroppers, and will also allow tampering, for example
       session theft. So your config.yml should be kept at least as secure as
       your database passwords, if not more so.

       Also, changing session_cookie_key immediately invalidates all sessions
       issued with the old key.

       session_cookie_path can be used to control the path of the session
       cookie. The default is "/".

       The global session_secure setting is honored and a secure (https only)
       cookie will be used if set.
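
       A check for the settings described in this section, as an added
       example that is not part of Dancer::Session::Cookie or its
       documentation: it reports a missing, short or published
       session_cookie_key, an unset session_secure, and a config.yml readable
       by group or other users. The function name audit_config, the line-based
       parsing, the permission threshold and the sample input are assumptions
       made for this example.

```perl
#!/usr/bin/env perl
# Added example (not part of Dancer::Session::Cookie): audit the cookie
# session settings of a Dancer config.yml. Only flat "key: value" lines
# are read, which is enough for the settings documented above.
use strict;
use warnings;

# Keys printed in this manual page; anything published is not a secret.
my %published = map { $_ => 1 } (
    'this random key IS NOT very random',
    'kjsdf07234hjf0sdkflj12*&(@*jk',
);

sub audit_config {
    my ($yaml, $mode) = @_;    # $mode: permission bits of config.yml
    my %c;
    for my $line (split /\n/, $yaml) {
        next unless $line =~ /^(\w+):\s*(.*?)\s*$/;
        my ($k, $v) = ($1, $2);
        $v =~ s/^(["'])(.*)\1$/$2/;    # strip one pair of matching quotes
        $c{$k} = $v;
    }
    my @f;
    return @f unless ($c{session} // '') eq 'cookie';
    my $key = $c{session_cookie_key} // '';
    push @f, 'session_cookie_key is missing' if $key eq '';
    push @f, 'session_cookie_key is shorter than 16 characters'
        if $key ne '' && length($key) < 16;
    push @f, 'session_cookie_key is a sample key from the documentation'
        if $published{$key};
    push @f, 'session_secure is not set; cookie is not https only'
        unless $c{session_secure};
    # Assumption: "as secure as database passwords" means owner-only access.
    push @f, 'config.yml is readable by group or other users'
        if defined $mode && ($mode & 0044);
    return @f;
}

# Constructed sample input: the example configuration shown above, with
# hypothetical file permissions 0644.
my $sample = <<'YAML';
session: "cookie"
session_cookie_key: "kjsdf07234hjf0sdkflj12*&(@*jk"
session_expires: 1 hour
YAML

print "FINDING: $_\n" for audit_config($sample, 0644);
```

       For a real file, pass its contents and (stat $path)[2] & 07777 as the
       mode.
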

DEPENDENCY

       This module depends on Session::Storage::Secure. Legacy support is
       provided using Crypt::CBC, Crypt::Rijndael, String::CRC32, Storable and
       MIME::Base64.

SEE ALSO

       See Dancer::Session for details about session usage in route handlers.

       See Plack::Middleware::Session::Cookie,
       Catalyst::Plugin::CookiedSession, "session" in Mojolicious::Controller
       for alternative implementations of this mechanism.

AUTHORS

       •   Alex Kapranoff <kappa@cpan.org>

       •   Alex Sukria <sukria@cpan.org>

       •   David Golden <dagolden@cpan.org>

       •   Yanick Champoux <yanick@cpan.org>

       This software is copyright (c) 2018, 2015, 2014, 2011 by Alex
       Kapranoff.

       This is free software; you can redistribute it and/or modify it under
       the same terms as the Perl 5 programming language system itself.

perl v5.34.0                      2022-01-21        Dancer::Session::Cookie(3)