view release on metacpan or  search on metacpan

SecureState.pm  view on Meta::CPAN

  $cgi->delete('input');

  foreach ($cgi->param()) {
      print "\n<br>$_ -> ",$cgi->param($_) if (/input/);
  }
  print $cgi->end_html;


This example is a cron job that cleans up old state files in the directories
F</var/www/perl/states> and F</var/www/cgi-bin/states>:

  #!/usr/bin/perl -w
  use CGI::SecureState;

  $cgi = new CGI::SecureState(-mindSet => 'forgetful',
			      -stateDir => '/var/www/perl/states');
  $cgi->cleanup_states;
  $cgi->cleanup_states(-directory => '/var/www/cgi-bin/states');
  $cgi->delete_session;


=head1 BUGS

There are B<no known bugs> with the current version.  However, take note
of the limitations section.

If you do find a bug, you should send it immediately to
behroozi@cpan.org with the subject "CGI::SecureState Bug".
I am I<not responsible> for problems in your code, so make sure
that an example actually works before sending it.  It is merely acceptable
if you send me a bug report, it is better if you send a small
chunk of code that points it out, and it is best if you send a patch--if
the patch is good, you might see a release the next day on CPAN.
Otherwise, it could take weeks . . .



=head1 LIMITATIONS

Crypt::Blowfish is the only cipher that CGI::SecureState is using
at the moment.  Change at your own risk.

CGI.pm has a tendency to set default values for form input fields
that CGI::SecureState does NOT override. If this becomes problematic,
use the -override setting when calling things like hidden().

Changes have been made so that saving/recovering Unicode now appears
to work (with Perl 5.8.0).  This is still not guaranteed to work; if
you have reports of problems or solutions, please let me know.

As far as threading is concerned, CGI::SecureState (the actual module)
is thread-safe as long as you provide it with an absolute path to the
state file directory or if you do not change working directories in
mid-stream.  This does not mean that it is necessarily safe to use
CGI::SecureState in an application with threads, as thread-safety may
be compromised by either Crypt::Blowfish or Digest::SHA1.  Check these
modules to make sure that they are thread-safe before proceeding to
use CGI::SecureState in an application with threads.

Until I can do more tests, assume that there is precisely zero
support for either threading or unicode.  If you would like to
report your own results, send me a note and I will see what I
can do about them.

Many previous limitations of CGI::SecureState have been
removed in the 0.3x series.


CGI::SecureState requires:


Long file names (at least 27 chars): needed to ensure session
authenticity.


Crypt::Blowfish: it couldn't be called "Secure" without.  At some point in
the future, this requirement will be changed.  Tested with versions 2.06, 2.09.


Digest::SHA1: for super-strong (160 bit) hashing of data.  It is used in
key generation and filename generation.  Tested with versions 1.03, 2.01.


CGI.pm: it couldn't be called "CGI" without.  Should not be a problem as it
comes standard with Perl 5.004 and above.  Tested with versions
2.56, 2.74, 2.79, 2.89.

Fcntl: for file flags that are portable (like LOCK_SH and LOCK_EX).  Comes
with Perl.  Tested with version 1.03.

File::Spec: for concatenating directories and filenames in a portable way.
Comes with Perl.  Tested with version 0.82.

Perl: Hmmm.  Tested with stable releases from v5.005_03 to v5.8.0.
There may be several bugs induced by lower versions of Perl,
which are not limited to the failure to compile, the failure to
behave properly, or the mysterious absence of your favorite pair of
lemming slippers.  The author is exempt from wrongdoing and liability,
especially if you decide to use CGI::SecureState with a version of Perl
less than 5.005_03.


=head1 SEE ALSO

  CGI(3), CGI::Persistent(3)

=head1 AUTHORS

Peter Behroozi, behroozi@cpan.org

=cut