Concierge-Auth
examples/04-session-management.pl view on Meta::CPAN
#!/usr/bin/env perl
=head1 NAME
04-session-management.pl - Session management system example
=head1 DESCRIPTION
Demonstrates how to build a simple session management system
using Concierge::Auth for authentication and token generation.
=cut
use strict;
use warnings;
use Concierge::Auth;
use File::Temp qw(tempfile);
use Time::HiRes qw(time);
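print "=== Session Management Example ===\n\n";

# Setup authentication system.
# The credential store lives in a throwaway temp file. tempfile() takes
# UNLINK to remove the file at program exit; CLEANUP is a tempdir() option
# and tempfile() ignores it, and in list context the file is kept by default.
# Without UNLINK the file holding whatever records setPwd writes would be
# left behind in the temp directory after the demo finishes.
my ($fh, $auth_file) = tempfile(UNLINK => 1);
close $fh;
my $auth = Concierge::Auth->new({file => $auth_file});

# Register some test users.
# These literals are demo fixtures for this example only; real deployments
# must never keep credentials in source.
my %test_users = (
    'alice'   => 'secure_password_123',
    'bob'     => 'bobs_secret_key',
    'charlie' => 'charlie_strong_pass'
);

print "--- User Registration ---\n";
for my $username (sort keys %test_users) {
    my $password = $test_users{$username};
    my ($success, $message) = $auth->setPwd($username, $password);
    printf "%-10s: %s\n", $username, $success ? "registered" : "failed";

    # Report the reason on STDERR instead of silently dropping it, so a
    # failed registration is diagnosable. The password itself is never printed.
    warn "setPwd failed for $username: $message\n"
        if !$success && defined $message;
}

# Simple session management system
my %active_sessions;        # session token => session record (in-memory only)
my $SESSION_TIMEOUT = 3600; # idle timeout: 1 hour in seconds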
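# create_session($username, $password)
#
# Authenticates the user through $auth->checkPwd and, on success, records a
# new entry in %active_sessions keyed by a freshly generated token.
#
# Returns (1, $session_token) on success, or (0, $reason) on failure.
# The same "Invalid credentials" reason is returned for every authentication
# failure, so the caller cannot tell an unknown user from a wrong password.
sub create_session {
    my ($username, $password) = @_;

    # Authenticate user.
    # NOTE(review): checkPwd is evaluated in boolean (scalar) context here,
    # whereas setPwd is used as a (status, message) list elsewhere in this
    # file. Confirm checkPwd yields a plain true/false value in this context.
    return (0, "Invalid credentials") unless $auth->checkPwd($username, $password);

    # Generate session token. A new token is issued on every login; nothing
    # supplied by the client is reused as the session identifier.
    # NOTE(review): token randomness depends on gen_random_token; verify it
    # draws from a cryptographically secure source.
    my $session_token = $auth->gen_random_token(32, 'url_safe');

    # Fail closed: never register a session under an undefined or empty key.
    return (0, "Session token generation failed")
        unless defined $session_token && length $session_token;

    # One clock reading, so created_at and last_active start out identical.
    my $now = time();

    # Store session data
    $active_sessions{$session_token} = {
        username    => $username,
        created_at  => $now,
        last_active => $now,
        ip_address  => '127.0.0.1',          # In real app, get from request
        user_agent  => 'Example-Client/1.0'
    };

    return (1, $session_token);
}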
# validate_session($session_token)
#
# Looks the token up in %active_sessions and enforces the idle timeout.
# Returns the session's username when the token is known and has been active
# within $SESSION_TIMEOUT seconds; otherwise returns nothing. An expired
# entry is removed from %active_sessions as a side effect.
#
# NOTE(review): only last_active is compared against the timeout here, and
# each successful call slides it forward. created_at is not consulted, so
# this sub enforces no absolute session lifetime.
sub validate_session {
    my ($session_token) = @_;

    # Reject missing/false tokens and tokens with no stored session.
    return if !$session_token || !exists $active_sessions{$session_token};

    my $record     = $active_sessions{$session_token};
    my $checked_at = time();
    my $idle_for   = $checked_at - $record->{last_active};

    if ($idle_for <= $SESSION_TIMEOUT) {
        # Still within the idle window: record the activity and accept.
        $record->{last_active} = $checked_at;
        return $record->{username};
    }

    # Idle for too long: drop the session so the token cannot be used again.
    delete $active_sessions{$session_token};
    return;
}
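# refresh_session($session_token)
#
# Marks a live session as active now. Returns 1 when the session was
# refreshed, and nothing when the token is missing, unknown, or expired.
#
# The idle timeout is checked before last_active is updated. Without that
# check, a session already idle for longer than $SESSION_TIMEOUT but not yet
# removed by validate_session would be revived by a refresh, defeating the
# timeout.
sub refresh_session {
    my ($session_token) = @_;

    # Same guards as validate_session: no token, or no such session.
    return unless $session_token;
    return unless exists $active_sessions{$session_token};

    my $session = $active_sessions{$session_token};
    my $now     = time();

    # Expired sessions are destroyed, never extended.
    if (($now - $session->{last_active}) > $SESSION_TIMEOUT) {
        delete $active_sessions{$session_token};
        return;
    }

    $session->{last_active} = $now;
    return 1;
}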
# destroy_session($session_token)
#
# Removes the token's entry from %active_sessions (logout).
# Returns 1 if an entry was removed, 0 if there was none.
sub destroy_session {
    my ($session_token) = @_;

    # delete yields the removed record, or undef when the key was absent.
    my $removed = delete $active_sessions{$session_token};

    return $removed ? 1 : 0;
}
sub list_active_sessions {
my ($username) = @_;
my @user_sessions;
for my $token (keys %active_sessions) {
examples/04-session-management.pl view on Meta::CPAN
=head2 Security Features
=over 4
=item * Cryptographically secure session tokens
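=item * Session timeout for idle sessions (C<validate_session> compares against C<last_active> only; C<created_at> is recorded but not checked there)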
=item * Validation on every request
=item * Clean session destruction
=item * No session data stored client-side
=back
=head2 Production Considerations
In a production system, consider:
=over 4
=item * Store sessions in a database or cache (Redis/Memcached)
=item * Include IP address and User-Agent validation
=item * Implement session fixation protection
=item * Add CSRF token generation
=item * Log security events (login, logout, failures)
=item * Implement rate limiting for login attempts
=item * Support multiple concurrent sessions per user
=back
=head1 INTEGRATION EXAMPLE
# Web framework integration
use Concierge::Auth;
my $auth = Concierge::Auth->new({file => '/secure/path/users.db'});
my %sessions; # In production: use database/cache
# Login endpoint
sub handle_login {
my ($username, $password) = @_;
my ($success, $token) = create_session($username, $password);
if ($success) {
# Set secure cookie
set_cookie('session_token' => $token, {
secure => 1,
httponly => 1,
samesite => 'strict'
});
return success_response();
}
return error_response('Invalid credentials');
}
# Authentication middleware
sub authenticate_request {
my $token = get_cookie('session_token');
my $username = validate_session($token);
return $username || unauthenticated_response();
}
=head1 SEE ALSO
L<Concierge::Auth>, 05-api-keys.pl, 01-basic-authentication.pl
=cut